Review of CBP Information Technology System Outage of January 2, 2017

CBP took sufficient steps to resolve the January 2, 2017 outage on the same day it occurred. CBP’s initial actions to resolve this outage were unsuccessful for several hours. Ultimately, the CBP Assistant Commissioner of the Office of Information and Technology (OIT) decided to revert system queries from the TECS Modernization server environment to the TECS Legacy mainframe environment. As a result of this action, airports began to report that they could process passengers again. After 4 hours, airports began reporting that they were back online. The transition back to the legacy environment worked to resolve the January 2, 2017 system outage. Nevertheless, underlying causes that might result in future outages were not addressed and persist today in the CBP environment. we identified inadequate CBP software capacity testing, leaving the potential for the recurrence of processing errors; deficient software maintenance, resulting in high vulnerabilities that remain open; ineffective system status monitoring to ensure timely alerts in case of mission-business disruptions; and inadequate business continuity and disaster recovery processes and capabilities to minimize the impact of system failures on the traveling public. Until such deficiencies are addressed, CBP lacks a means to minimize the possibility and impact of similar system outages in the future.