An Achilles Heel

By David Abel  |  Defense Week  |  10/12/1999

The Pentagon's Inspector General has listed it as one of the Defense Department's 10 most serious management problems. The General Accounting Office has consistently called it a high-risk area. And now Congress has chimed in with its disapproval, charging that oversight is lacking.

Information technology has long been considered a potential Achilles heal for the military, whether as a portal for spying or a prize for sabotage. The Pentagon's vulnerability -- made visible recently by Serbian hackers defacing the Army's Web site and Russians filching files from the Navy's commercial printers -- has become well known.

But lawmakers say while billions of dollars flow into ever more sophisticated information technology, the Pentagon has ignored concerns about management and continues to breach budgets, scrub schedules, evade data standardization and interoperability requirements, and shortchange user needs.

"In hearings, when the committee has requested lists of systems terminated or significantly restructured as part of the department's oversight process, the answers have consistently indicated that this rarely if ever happens," according to the House fiscal 2000 defense appropriations bill. A House-Senate conference committee last week concluded work on the measure.

"An investigation of the systems terminated by the Office of the Secretary of Defense reveals that the majority of them were canceled because their sponsoring organization was abolished, not because of any problems with the system," the report found.

Lack of oversightIn the bill, lawmakers criticize the Pentagon for failing to adequately oversee information technology investments.

In one case, the report says, a senior group responsible for reviewing and approving such investments has not met in more than a year. Furthermore, some systems have been approved without "key" documentation, others have been bought without cost and benefit analyses and at least seven programs totaling $780 million have been approved despite lacking an acquisition program baseline, which the lawmakers say is "a critical tool for program management."

But Pentagon officials strongly denied they were profligate in their efforts to oversee the more than $16.2 billion the Pentagon uses for everything from supercomputing to encrypting networks.
"The information on oversight of information technology systems is misleading and inaccurate," said a statement the Pentagon provided Defense Week.

"The DoD [chief information officer] issued 28 acquisition-decision memoranda in the past year, all of which were fully coordinated with the [Pentagon's panel that oversees information technology]. We do not measure oversight by the number of meetings. We ensure warfighters receive quality systems."

The House's bill would prohibit the military from using money for information-technology systems that are not registered with the department's chief information officer and not approve advancements in the development process unless the Pentagon certifies to Congress that there's sufficient oversight.

Congressmen highlighted the management problems by pointing to the Defense Joint Accounting System. After the initial development phase, the time line for completing the accounting system's software increased from 16 months to more than six years. And the estimated savings has since diminished from $322 million to $204 million.

Pentagon protests added burdens
Again, the Pentagon argued Congress is taking the wrong course, burdening military officials by delaying the approval process and requiring registration of systems regardless of size or value.

In an appeal to the House defense appropriations bill, Pentagon officials argued: "Intense management attention does not need to be given to every system .... We believe this provision is unworkable and will not meet the committee's desired goals."

At presstime, congressional aides said the final conference report heeds the concerns of Pentagon officials, watering down the provision in the defense appropriations bill that would require the department's chief information officer to register every information technology system. Instead, congressional sources said, the Pentagon would have more discretion over which systems to register.

Furthermore, the $14.7 million requested by the military and approved by the House Appropriations Committee to bolster information technology oversight was included in the House-Senate conference bill, congressional sources said.

Future money depends on oversight
But Pentagon officials still must report back to the congressional defense committees by March as to what they have done to beef up their oversight.

Specifically, the House Appropriations Committee requires the military provide its staff a list of those program managers not fully trained and plans on how to train them, a review on how information systems are chosen and developed, and an overall "Information Technology Strategic Plan" for the entire department.

"The committee provides this funding and this additional authority in the expectation that they will be used to instill discipline into the process," lawmakers wrote in the defense appropriations bill. "The committee is prepared to make an activity's or a program's compliance with [proper oversight procedures] a condition of future funding."