FEMA Continues to Lack the Infrastructure to Respond Adequately to Disasters

Daniel Kaniewski’s recent resignation from the Federal Emergency Management Agency (FEMA) is another reason to question FEMA’s ability to provide sufficient relief following natural disasters. Kaniewski, FEMA’s “second-ranking” official, joined the agency in 2017 and devoted his efforts to “transforming the role that the agency plays in disaster” from acting as first responders to encouraging pre-disaster preparedness.

This announcement gives rise to greater concerns about FEMA because the agency lacked the information technology infrastructure to adequately respond to the many natural disasters that occurred in 2017, including Hurricanes Harvey, Irma, and Maria as well as wildfires in California that destroyed at least $3.3 billion worth of property and collectively killed thousands of people.

The information technology (IT) problems are not new; the Office of Inspector General (OIG) has addressed them in investigations and reports for at least thirteen years. The 2017 report, for instance, details a lack of an established “IT strategic plan, architecture, or governance framework to facilitate day-to-day management of aging IT systems and equipment.” This report indicates that the problems come from a lack of oversight and organization from the top of the agency, which, in turn, leads to challenges related to actual response efforts on the ground.

The report specifically identified the source of the problem as the Office of the Chief Information Officer’s (CIO) limited authority to manage IT solutions across the agency. While the agency relies on more than 300 IT systems and databases to perform daily functions, the CIO has authority over only 22 such systems. The CIO reports to the Associate Administrator for Mission Support, not to the FEMA Administrator. The Associate Administrator then reports to the Administrator, which hampers widespread control over the agency’s information technology resources. The CIO is one step removed from the head of the agency, so the CIO’s reports pass through the filter of an associate administrator before reaching the top of the chain of command.

FEMA has a largely decentralized system for allocating and spending its budget. In the 2018 fiscal year, FEMA spent more than $452 million on IT infrastructure and maintenance. The CIO controlled only about 40 percent of this allocation, which allowed FEMA offices to monitor their own spending. One senior CIO official said that FEMA uses more than 70 percent of its annual IT budget to support aging infrastructure and patch vulnerabilities. This spending reality prevents agency guidance on the proper dispersal and use of IT equipment like computers, tablets, and cell phones. Some workers even used personal devices to accommodate the workload, exposing the FEMA network to security risks and increased potential for delays. Current wireless networks were insufficient to maintain up-to-date information about assistance requests, which hindered an adequate response.

Even when FEMA employees have adequate access to the information they need to do their jobs, they often mishandle that information. For example, in March, a government watchdog reported that FEMA wrongly disclosed the personal information of over 2.3 million survivors of the 2017 natural disasters to third-party contractors hired to work for the agency. This included highly personal information such as bank accounts. Notably, this information was not necessary for the contractors to perform their functions.

Despite OIG recommendations on how FEMA can improve its ability to respond to and manage disasters, FEMA has not implemented many of those recommendations. For example, four recommendations that the OIG made to FEMA in a 2015 report have still not been resolved. Similarly, in its most recent report, the OIG made four recommendations regarding how FEMA could better address its poor IT oversight structure and its lack of strategic plans by modernizing its current systems. The agency responded to these recommendations with proposed plans, but FEMA does not expect any of the four to be complete before the end of April 2020.