CBP extends cargo system disaster recovery contract

Customs and Border Protection adds five years to its cloud-based disaster recovery infrastructure-as-a-service contract with IBM.

network defense (Timofeev Vladimir/Shutterstock.com)

Customs and Border Protection inked a five-year, sole-source extension with IBM on a contract to support its cloud-based automated cargo processing system.

CBP's Information Technology Center issued a notification in late September saying the agency will continue to use an IBM cloud infrastructure-as-a-service disaster recovery solution. The contract is through the National Institute of Health's Information Technology Acquisition and Assessment Center (NITAAC) CIO-SP government wide acquisition vehicle. The dollar amount of the extension was redacted in contracting documents published Sept. 30.

CBP said the firm-fixed price contract, covering one base year and four option years, would provide the agency's Automated Commercial Environment (ACE) with protection against network outages like those the system suffered in 2017.

ACE is the primary system the trade community uses to report imports and exports and through which the government determines admissibility of cargo. ACE is designed to be the "single window" the cargo transport industry can use to automate and streamline the manual processes associated with importing and exporting goods across U.S. borders. It is the electronic portal for rail, sea and truck cargo manifests and the primary system for industry to send data to other federal agencies via the International Trade Data System.

In the summer of 2017, the ACE system suffered multiple outages that took it offline, as CBP migrated over to it from its old electronic import/export data processing system, the Automated Commercial System (ACS).

As a result, CBP said in the Sept. 30 filing, it contracted with IBM's Federal Data Center near Raleigh, N.C. for disaster recovery services in 2017. Over time, CBP National Data Center's production infrastructure was reconfigured to communicate with IBM's Raleigh, N.C. data center to host ACE's disaster recovery environment, said the agency.

The two data centers, said CBP, are synchronized and configured to replicate data, patch and maintain production. They are optimized to switch roles from primary to backup if the NDC went down, according to CBP.

Those intricate ties, said CBP in its justification for using IBM's IaaS solution, would make moving to another vendor difficult and costly. The agency estimated it would cost $2 million in labor alone to move the disaster recovery solution to another cloud provider. Keeping the current site up and running, while making that move, would also prove costly, it said.

This past summer, CBP also injected some cloud capabilities into the ACS system.

In July, CBP announced it was using a $15 million award from the Technology Modernization Fund to upgrade the aging ACS, including moving 4 million lines of COBOL code running on the agency's last remaining mainframe computer, to a cloud platform.

The agency said the modernization will also help push more cost and operational efficiencies into the system, cutting down on software and maintenance expenses. It will also provide a more functional collection system for the trade brokers that use it, said the agency.