recommended reading

FEMA's operating systems don't communicate effectively, despite major IT investments

The Federal Emergency Management Agency still doesn't have the information technology capacity to deal with a major disaster response six years after Hurricane Katrina exposed weaknesses in the system, according to an audit released on Tuesday.

FEMA began a major push in 2007 to integrate all of its disparate IT systems and to bring them in line with Homeland Security Department standards. In 2008, FEMA issued a $1 billion contract to integrate the agency's computer systems. FEMA's chief information officer manages about 800 employees and contractors with an annual budget of more than $100 million.

Despite that investment, the agency's different operating systems still aren't effectively talking with each other and the agency has yet to develop a comprehensive IT strategic plan that meets department guidelines and provides proper guidance to lower-level IT officers, according to the report from the Homeland Security Department's inspector general.

The agency also has failed to document all of its IT architecture, so technology workers can evaluate what needs to be improved, the audit said.

As a result, the report said, there's no way of ensuring that a number of modernization programs FEMA has invested in will actually improve operations and communication or of knowing whether the new programs work at cross-purposes or prove less effective than hoped.

Those modernization programs include a massive transfer of FEMA's information systems to just two data storage centers and a plan to equip FEMA staff with notebook computers, encrypted flash drives and smartphones.

"[FEMA] systems are not integrated, do not meet user requirements, and do not provide the information technology capabilities agency personnel and its external partners need to carry out disaster response and recovery operations in a timely or effective manner," auditors said.

The inspector general's report faulted FEMA Chief Information Officer Jeanne Etzel's office for pushing ahead with IT improvement projects without a solid, DHS-certified IT plan in place.

"Although FEMA's IT strategic plan [developed in 2009] contains a high-level summary of the IT efforts planned, it does not provide the detailed guidance necessary for FEMA's IT program activities," the report said. "Specifically, it does not include IT strategic goals or objectives to identify how IT will be used to support agencywide programs."

Rep. Bennie Thompson, the ranking Democrat on the House Homeland Security Committee, called the report "troubling" in a statement and said it might be time for the agency to re-examine the role and responsibilities of its CIO.

"Since 2003, FEMA has had several CIOs," Thompson said. "These serious and repeated problems indicate that the function, responsibility and authority of the position of CIO at FEMA must be closely examined."

The CIO's office is located inside FEMA's mission support division, four rungs down from the agency's director.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.