[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]
WASTING INFORMATION TECHNOLOGY DOLLARS: HOW CAN THE FEDERAL GOVERNMENT
REFORM ITS IT INVESTMENT STRATEGY
=======================================================================
HEARING
before the
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED THIRTEENTH CONGRESS
FIRST SESSION
__________
JANUARY 22, 2013
__________
Serial No. 113-5
__________
Printed for the use of the Committee on Oversight and Government Reform
Available via the World Wide Web: http://www.fdsys.gov
http://www.house.gov/reform
U.S. GOVERNMENT PRINTING OFFICE
79-790 WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC
area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC
20402-0001
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
DARRELL E. ISSA, California, Chairman
JOHN L. MICA, Florida ELIJAH E. CUMMINGS, Maryland,
MICHAEL R. TURNER, Ohio Ranking Minority Member
JOHN J. DUNCAN, JR., Tennessee CAROLYN B. MALONEY, New York
PATRICK T. McHENRY, North Carolina ELEANOR HOLMES NORTON, District of
JIM JORDAN, Ohio Columbia
JASON CHAFFETZ, Utah JOHN F. TIERNEY, Massachusetts
TIM WALBERG, Michigan WM. LACY CLAY, Missouri
JAMES LANKFORD, Oklahoma STEPHEN F. LYNCH, Massachusetts
JUSTIN AMASH, Michigan JIM COOPER, Tennessee
PAUL A. GOSAR, Arizona GERALD E. CONNOLLY, Virginia
PATRICK MEEHAN, Pennsylvania JACKIE SPEIER, California
SCOTT DesJARLAIS, Tennessee MATTHEW A. CARTWRIGHT,
TREY GOWDY, South Carolina Pennsylvania
BLAKE FARENTHOLD, Texas MARK POCAN, Wisconsin
DOC HASTINGS, Washington TAMMY DUCKWORTH, Illinois
CYNTHIA M. LUMMIS, Wyoming DANNY K. DAVIS, Illinois
ROB WOODALL, Georgia PETER WELCH, Vermont
THOMAS MASSIE, Kentucky TONY CARDENAS, California
DOUG COLLINS, Georgia STEVEN A. HORSFORD, Nevada
MARK MEADOWS, North Carolina MICHELLE LUJAN GRISHAM, New Mexico
KERRY L. BENTIVOLIO, Michigan VACANCY
RON DeSANTIS, Florida
Lawrence J. Brady, Staff Director
John D. Cuaderes, Deputy Staff Director
Robert Borden, General Counsel
Linda A. Good, Chief Clerk
David Rapallo, Minority Staff Director
C O N T E N T S
----------
Page
Hearing held on JANUARY 22, 2013................................. 1
WITNESSES
The Honorable Tom Davis, A former Representative in Congress from
the State of Virginia
Oral Statement............................................... 6
Written Statement............................................ 9
Mr. Steven Vanroekel, Federal Chief Information Officer, Office
of Management and Budget
Oral Statement............................................... 15
Written Statement............................................ 17
Mr. David A. Powner, Director, Information Technology Management
Issues, General Accountability Office
Oral Statement............................................... 22
Written Statement............................................ 24
Mr. Douglas Bourgeois, Vice President and Chief Cloud Executive,
U.S. Public Sector Division, VMWARE
Oral Statement............................................... 72
Written Statement............................................ 75
Mr. Michael Klayko, Advisor and Former CEO, Brocade
Communications Systems, Inc.
Oral Statement............................................... 88
Written Statement............................................ 90
Mr. Chris Niehaus, Director, U.S. Office of Civic Innovation,
Microsoft Corporation
Oral Statement............................................... 96
Written Statement............................................ 98
APPENDIX
The Honorable Elijah Cummings, from the State of Maryland,
Opening Statement.............................................. 120
The Honorable John Mica, from the State of Florida, Opening
Statement...................................................... 122
The Honorable Gerald Connolly, from the State of Virginia,
Opening Statement.............................................. 124
The Honorable Matthew Cartwright, from the State of Pennsylvania,
Opening Statement.............................................. 127
Questions for Steven VanRoekel from Tammy Duckworth, Jackie
Speier, and Darrell Issa....................................... 130
Response to questions from Jeff Rangel to Jackie Speier.......... 140
Response to questions from Microsoft Innovation Policy Ctr. to
Darrell Issa, Elijah Cumming, and Jackie Speier................ 142
Response to questions from David A. Powner....................... 148
Response to questions from Douglas J. Bourgeois.................. 155
Submitted Testimony for House Oversight and Government Reform
Committee Hearing from Consortium for Citizens with
Disabilities................................................... 164
ICT Sector Trade Associations Comments on FITARA................. 167
Statement for the Record of the Professional Services Council.... 170
Statement for the Record of The Honorable Robert C. Cresanti,
Vice President, SAP America.................................... 176
WASTING INFORMATION TECHNOLOGY DOLLARS: HOW CAN THE FEDERAL GOVERNMENT
REFORM ITS IT INVESTMENT STRATEGY
----------
Tuesday, January 22, 2013
House of Representatives,
Committee on Oversight and Government Reform,
Washington, D.C.
The committee met, pursuant to call, at 1:08 p.m., in Room
2154, Rayburn House Office Building, Hon. Darrell E. Issa
[chairman of the committee] presiding.
Present: Representatives Issa, Mica, Turner, Duncan,
Chaffetz, Lankford, Amash, Gosar, DesJarlais, Gowdy,
Farenthold, Hastings, Lummis, Woodall, Massie, Collins,
Meadows, Bentivolio, Cummings, Maloney, Norton, Tierney,
Connolly, Speier, Cartwright, and Duckworth.
Staff Present: Ali Ahmad, Communications Advisor; Alexia
Ardolina, Assistant Clerk; Richard A. Beutel, Senior Counsel;
Robert Borden, General Counsel; Molly Boyl, Parliamentarian;
Lawrence J. Brady, Staff Director; Caitlin Carroll, Deputy
Press Secretary; John Cuaderes, Deputy Staff Director; Adam P.
Fromm, Director of Member Services and Committee Operations;
Linda Good, Chief Clerk; Michael R. Kiko, Staff Assistant; Mark
D. Marin, Director of Oversight; Laura L Rush, Deputy Chief
Clerk; Scott Schmidt, Deputy Director of Digital Strategy;
Rebecca Watkins, Deputy Director of Communications; Peter
Warren, Legislative Policy Director; Krista Boyd, Minority
Deputy Director of Legislation/Counsel; Ashley Etienne,
Minority Director of Communications; Jennifer Hoffman, Minority
Press Secretary; Carla Hultberg, Minority Chief Clerk; Elisa
LaNier, Minority Deputy Clerk; Lucinda Lessley, Minority Policy
Director; Dave Rapallo, Minority Staff Director; Mark
Stephenson, Minority Director of Legislation; and Cecelia
Thomas, Minority Counsel.
Chairman Issa. The committee will come to order.
The Oversight Committee exists to secure two fundamental
principles. First, Americans have a right to know that the
money Washington takes from them is well spent. And second,
Americans deserve an efficient, effective government that works
for them. Our duty on the Oversight and Government Reform
Committee is to protect these rights. Our solemn obligation is
to hold government accountable to taxpayers, because taxpayers
have a right to know what they get from the government.
Our obligation is to work tirelessly in partnership with
citizen watchdogs to deliver the facts to the American people
and bring genuine reform to the Federal bureaucracy. This is
our mission.
Today we advance that mission statement in the area of
information technology, which is at the heart of whether the
Federal government knows where the waste, fraud, and abuse is;
knows or can be expected to deliver an efficient and honest
return for every dollar contributed by the Federal taxpayers.
To that extent, we have three panels today. This is not a
controversial hearing within this committee. But it may be
controversial outside of this dais.
In just the last 10 years, government spending on IT has
risen by $46 billion. Even in Washington, that is a lot of
money. We now spend $81 billion in 2012. As is the case
government-wide, spending decisions were often not based on
performance results. Program failures and cost overruns plague
three-quarters of all large Federal IT programs. Federal
managers say that 47 percent of their budget goes to maintain
obsolete or deficient IT resources.
Estimates suggest that as much as $20 billion of taxpayer
money is wasted each year. But let us understand, in this case
it is not the waste of the $20 billion, it is what that $20
billion could do properly applied to our transparency into our
government. The leveraging of $20 billion to save $200 billion
is why it is essential that we fix this part of government that
seems to be so broken.
We have built an IT infrastructure that is bloated,
inefficient, and actually makes it more difficult for the
government to serve its citizens in some cases. With more than
$81 billion spent each year on Federal information technology,
Americans are not getting anywhere close to what they would
expect to get for their money.
Just last month, the Air Force announced that a $1 billion
logistics system had failed and was being shut down. It was a
logistics system that was needed. It will still be needed. We
will still need to make these improvements.
I want to join with all those who realize that few of our
programs that fail, fail because they weren't wanted or needed,
they fail for other reasons. And that is what this committee is
determined to get to the bottom of and change the system.
Often quoted in Washington is Albert Einstein saying, more
or less, that if you keep doing the same thing over and over
and expect a different result, that is the definition of
insanity. We will not allow the Federal government to continue
doing things over and over again that, in fact, more money has
not made work better. It is our choice now to listen to all the
parties who will come to bear to this committee. People who
understand government procurement, of course; people who
understand the private sector and what works there.
I have often quoted my working in my old company with
companies like Circuit City, Best Buy, and Wal-Mart, companies
that in some cases were very opaque; in other cases, visual on
even my desktop, I could see every store, every product from my
company, and whether, in fact, it was selling or not. I not
only could see it, but my salesmen could see it. And if
something didn't move in one store and moved in another, they
knew that they could go and find out why. That doesn't exist in
the Federal procurement system. It doesn't exist anywhere in
government, and it needs to.
With that, I would like to introduce Mr. Cummings for his
opening statement at this time.
Mr. Cummings. Thank you very much, Mr. Chairman.
I want to welcome all of our witnesses here today,
including our good friend and distinguished former chairman,
Tom Davis, who I just have a phenomenal amount of respect for.
Tom, it is good to see you again.
I think this is an appropriate first hearing for this
Congress. This is a good government hearing that gets right to
the core of our committee's jurisdiction. Today we are
examining Federal spending on information technology. Our
committee has jurisdiction over the efficiency and management
of government operations and activities, including procurement.
It is our responsibility to ensure that the Federal government
is spending money wisely and efficiently.
I think all of our constituents would agree that they want
to make sure that their tax dollars are spent that way,
effectively and efficiently. This includes Federal spending on
information technology. The President's fiscal year 2013 budget
projected that agencies will spend $79 billion on IT this year.
The Government Accountability Office has found that agencies
did not have adequate oversight of these investments. In a
report last October, GAO found that five major agencies have
not been using the proper safeguards to ensure that their
investments in the operation and maintenance of IT systems are
performing as intended.
As GAO said, and I quote, ``Until agencies address these
shortcomings, there is increased risk that these agencies will
not know whether the multi-billion dollar investments fully
meet their intended objectives.''
I look forward to hearing from Mr. VanRoekel, the Chief
Information Officer, about the progress the administration has
made in improving the quality of IT investments, what is being
done to improve oversight of those investments, and how overall
spending is being reduced.
In particular, I am interested in hearing about the
administration's efforts to improve transparency of IT
investments. I also look forward to hearing from the industry
leaders who can identify the challenges, opportunities we face
in our efforts to improve the way that government invests in
IT.
And let me say this. As the chairman was speaking, I could
not help but think about a few years ago when I sat as the
ranking member on the Transportation Committee of the Maritime
and Coast Guard Subcommittee. And one of the things that we
discovered is that we had a broken procurement process in the
Coast Guard. And the Coast Guard literally were buying boats
that did not float, radar systems that were supposed to cover
360 degrees that were covering 180 degrees, radios that if they
got wet, they did not operate. That was in this country.
But I hope you listened to what the chairman said very
carefully. When we are wasting money and not using it
effectively and efficiently, I mean, that is money that could
be used to do some things that we really do need done. And so
that is why this hearing is so important.
You know, I often talk to my staff about hearings and
whether we get the value out of hearings. I want the people who
address us this morning to talk about how we can effectively
get this done. I mean, it is nice to hear about the problem,
but do we need time tables, Tom? I mean, what kind of things
can be done so that when the chairman looks back at his legacy
and hopefully we all look back at ours, we can say we actually
did something and didn't just spend time talking about it.
I am sure the chairman shares any view. And I am hoping
that when the folks come up here to testify, you will help us
with some roadmaps--that is right, take out your pens, write it
down--and so that we can be effective and efficient. Effective
and efficient.
Finally, I want to applaud the work of our resident
technology expert, Representative Connolly, the ranking member
of the Government Operations Subcommittee. Mr. Connolly held a
forum in his district last May that explored many of the very
same issues we will hear about today. He also has taken the
lead in introducing legislation to reduce waste by
consolidating Federal data centers.
The administration's efforts on data center consolidation
are expected to save the government $3 billion by 2015. I
believe it is time to modernize the way the government does
business. This will require strategic investments in
technology. But we should not overlook the importance of
strategic investments in our workforce. Our acquisition
community needs to have the tools necessary to effectively
oversee increasingly complex systems from beginning to end.
These professionals ensure that the government is a smarter
consumer.
And with that, I yield back.
Chairman Issa. I thank the gentleman.
Because this will be referred to the Government Ops
Subcommittee, I would like to recognize its chairman, Mr. Mica,
for a short opening statement.
Mr. Mica. Well, thank you for yielding, and also thank you,
Chairman Issa, for holding this important hearing, hearing that
deals with government waste, particularly on the eve of the
Congress considering expanding our national indebtedness, where
it is nearly at $16.5 trillion, and we have got to look at
every avenue and source of wasteful spending.
This is not a small-potatoes item. IT, we spent in the last
decade $600 billion. And the information we have today we gain
primarily from a 2012 report from the GAO which took the
opportunity to review what was going on and highlighted the
need to address potentially duplicative IT investments to
avoid, again, wasteful spending. In fact, in the fiscal year
that GAO looked at, 2011, they found that the Federal
government funded 622 separate human resources systems, 580
financial management systems, and 777 supply chain management
systems.
So what we have ended up with is various Federal agencies,
as well as offices within the different agencies, making
separate and very costly investments in back office systems
that often perform the same function. And all this duplication
comes at some pretty significant cost.
Unfortunately, that has been our approach. And what we
should be doing is aggregating demand among the agencies and
their different offices to get the best prices for various IT
products and services, which we aren't properly doing.
We also waste money investing in systems that fail to
become fully functional. And the staff, from the report, this
GAO report, indicated that, for example, the National Archives
and Records Administration, also under our committee's
jurisdiction, poured--now listen to this--$375 million into the
development of an electronic records archive system that has
now been put to a halt. And we will look further at that.
Then we look at the office of OPM, Office of Personnel
Management, cancelled its Retirement Systems Modernization
program after spending nearly $0.25 billion on that program. We
will look at this.
Despite these failed investments, OMB, unfortunately,
recently abandoned the practice of including in the President's
budget submission a summary of the extent of the risk
represented by major Federal IT investments. According to a
report issued by GAO last fall, the President's budget
submission from 2007 to 2009 included an overview of the
investment performance over several budget years of IT projects
in need of management attention. But this practice was
abandoned, unfortunately, by the White House in its last four
budget submissions.
The unfortunate reality is that 16 years following the
signing of the seminal Clinger-Cohen legislation that laid the
very foundation for the Federal government's acquisition and
management of IT and 10 years after the E-Government Act was
passed which established the Federal chief information
officers, the program would set program failure rates and cost
overruns which currently now plague us and, unfortunately, they
account for an estimated 72 to 80 percent of large government
IT programs. And that is an industry calculation.
The first step in addressing any problem is determining who
is responsible and holding people accountable. The Office of
Management and Budget also needs to take responsibility for the
lack of coordination and intelligent investment in IT being
done at the agency level. OMB has to be willing to step up and
take responsibility and say the buck stops here.
Finally, I am also disappointed that the head of OMB's
Office of Federal Procurement Policy, the Federal government's
chief acquisition individual and person responsible, is not
with us today, although he was invited to testify. But I am
glad we have with us today OMB's financial chief information
officer. Look forward to his testimony and the others and look
forward to working with you on this important issue. And yield
back.
Chairman Issa. I thank the gentleman.
We now recognize the ranking member, the gentleman who
replaced our first witness, for his opening statement.
Mr. Connolly. I thank the chair. And I thank the ranking
member, Mr. Cummings, for his kind words. And I want to thank
the chair. If the entire 113th Congress can begin on the note
we are beginning on today, we are going to be making music for
2 years. But I want to thank the chair for his leadership in
this particular area. We are working together and our staffs
are working together on a draft bill that I think can move us
into the bright sunshine of this part of the 21st century,
giving more flexibility to the Federal government and to
Federal managers. Because some of the problems outlined by my
friend, Mr. Mica, the new chairman of the Government Operations
Subcommittee, have to do with how the government is organized
and the flexibility or lack thereof that we give to managers.
And as indicated, we spend about $81 billion a year, not
all of that well. Government is slow to pull the plug when we
do make a mistake, much slower than the private sector.
Government has a problem in terms of recruiting and retaining
the skilled workforce you need for large, complex contracts
such as these.
And so addressing those issues, both in process,
procurement, and people, I think is very important.
And so I look forward to continuing to work with the
chairman of the full committee and with the chairman of the
subcommittee in trying to come up with legislation that makes
sense, that provides flexibility, that gives maybe more
discretion to CIOs, to the chief information officers of
Federal agencies, and that will save money and make sure that
the deployment of the resources we do have is more efficacious.
Finally, Mr. Chairman, I do want to welcome my predecessor,
Tom Davis, former chairman of this committee, whose portrait
hangs here, who preceded me on the Board of Supervisors of
Fairfax County, proceeded me as the chairman of Fairfax County,
and preceded me here in Congress.
Just last week, Tom was gracious enough to participate in a
staff retreat I held--I have an annual staff retreat--sort of
giving us a different take on some issues and how he did it in
terms of managing constituent services and legislative
assignments in the 14 years he graced these halls. I want to
thank Tom for his graciousness as my predecessor and for making
my transition here in Congress as smooth as possible. It is a
model for bipartisan cooperation.
Welcome, Mr. Davis.
And thank you again, Mr. Chairman.
Chairman Issa. I thank you.
Now we recognize the Honorable Mr. Davis, who has returned
to the place in which he was hung.
Mr. Davis. Many times.
Chairman Issa. Tom, you are my friend, you are my mentor.
And as you have heard from both sides of the aisle, you are
somebody whose opinion we respect. And with that, you are
recognized.
STATEMENT OF HON. TOM DAVIS, A FORMER REPRESENTATIVE IN
CONGRESS FROM THE STATE OF VIRGINIA
Mr. Davis. Mr. Chairman, thank you very much. And
congratulation to both you and Mr. Cummings on a terrific
start. I sat on this committee where the rules, sometimes we
would be here all afternoon. So that is a good start. And I
think the hearing is a great place to start because this is not
a Republican or Democratic issue. We can argue over we have too
much government or not enough government. But we want the
government we are paying for. And that is really what this is
about today. So I think we can join on that.
I just also say to subcommittee chairman Mr. Mica and to
Mr. Connolly, Mr. Connolly, you followed me on the Board of
Supervisors, as chairman of the board and to Congress, and if
you can like me retire undefeated and unindicted maybe one day
you will be a witness as well.
Chairman Issa. I think he wants to be hung, too.
Mr. Davis. Take a couple more terms and a switch. But I am
not going to get into that.
Let me just also acknowledge, Jim Turner is here. He was
the author of the E-Government Act. I attached a number of
pieces of legislation, but Jim was a distinguished member of
this committee on the Democratic side when I was the
subcommittee chairman in 2002 when we worked that bipartisan
legislation together. And I think it is time for an update. And
I think this is an apt hearing for that.
Let me put all of my testimony in the record and just make
a few salient points. The Federal government spends about $81
billion in IT annually, making it the largest single acquirer,
adopter, and user of IT globally, more than any other nation,
global corporation, or organization. So the Federal government
should be the best at how it plans, sources, implements, and
operates IT to achieve missions successfully. Doesn't always do
it that way.
Few thoughts. We could get an improved return on
investment. In the private sector, IT is an investment, it is a
strategic enabler. But in the Federal government all too often
IT is viewed and treated as a discretionary expense. Cost
savings realized from these investments can be many times
greater than what you achieve when you cut IT and require, and
we can achieve part of this by executive oversight.
CIO authority. Department-level CIOs currently have
responsibility and accountability to manage their IT
deployments, but they lack the organizational and budget
authority.
Too loud? Okay.
Chairman Issa. Just if you could, Tom, if you could pull it
a little bit closer. We are getting a little echo up here.
Mr. Davis. Okay.
Shared services. Federal government is the only large
multinational organization globally who has not implemented
shared services for its back office functions. OMB should build
upon its prior line of business and shared first strategies to
require agencies to move away from the bureau-centric
administrative systems and to department-wide and government-
wide administrative shared solution services.
Also, on cybersecurity, really nothing else matters in
Federal IT if the government doesn't get cybersecurity right.
We passed FISMA, the Federal Information Security Management
Act, as a part of the E-Government Act in 2002. It needs to be
updated and operationalized. I know there are jurisdictional
problems here in Congress, but if we don't get cybersecurity
right, nothing else is going to matter.
Information, devices, and the Federal workforce is becoming
increasingly mobile. Therefore, OMB and congressional oversight
for government-wide implementation of existing cybersecurity
priorities is critical. And as the government moves from
securing systems and devices to securing data at rest and data
in transit for information-sharing purposes, the government
will need to identify and implement new solutions in areas such
as continuous monitoring, identity, authentication, and
credential management and cryptology.
Let me also move in my last minute and a half, the
procurement workforce. This has been a problem. We have cut
back the procurement workforce, we don't give them appropriate
training, we don't give sometimes enough leeway. This is
critical. So many IT functions that go sideways are because we
don't have the appropriate oversight, we haven't empowered our
procurement workforce to do the job.
Procurement processes, as you know in government, sometimes
the mission is not to make a mistake. So you don't get the kind
of innovation that you would get in other cases. And I could
talk more on that during the questions and answers, but I want
to get through my time.
Continuing resolutions. CRs kill IT procurements, it kills
innovation in government, because no agency head is going to be
spending their budget on new procurements, follow-on work, if
they don't know what their budget is going to be. Their
inclination is to protect their people. And we have seen us
step backward and backward as Congress doesn't get budgets done
on time and goes through CRs.
And finally, some of the rules that we have that I think
are passed with good intentions to ensure that lobbyists don't
come in and have undue influence also hurt us because many
times the people writing these have not had appropriate
contacts with the outside world, small companies trying to get
in and share their ideas in government and operate in a bubble.
I think it is a good idea for companies to come in and
share their ideas and have an open door to policymakers so that
they know what the existing technologies are, can be aware of
what government's needs are, and therefore can address them in
the procurements. And I will stop there on time.
Chairman Issa. I have never seen a professional get it
exactly to the second. Tom, you are good.
[Prepared statement of Mr. Davis follows:]
[GRAPHIC] [TIFF OMITTED] 79790.001
[GRAPHIC] [TIFF OMITTED] 79790.002
[GRAPHIC] [TIFF OMITTED] 79790.003
[GRAPHIC] [TIFF OMITTED] 79790.004
Chairman Issa. Because you are an unusual witness, I have
so many questions that I will just follow up endlessly over
dinner sometime.
But, Mr. Davis, the one thing that I wanted your comment on
that wasn't in your opening statement was, because you were
here for the creation of chief information officers, did you
ever envision having more than one chief per agency and on the
average more than two chiefs per agency and all but one of them
not having any budget authority?
Mr. Davis. No. I don't think anyone knew what would happen
when we set them up this way. There has certainly been a
proliferation of CIOs. But I think you can have as many as you
want if you give them the right authority. The problem is they
are sitting out there and in many cases they are toothless
tigers. Some great people, very dedicated. But if you can't
enforce this, that is why we get so many stovepipes built up.
Chairman Issa. So it would be fair to say that the 40 CIOs
that are in Department of Justice alone would be a little more
than you would have assigned.
Mr. Davis. I don't think anybody envisioned that when we
did it originally.
Chairman Issa. Or the 35 in the Department of
Transportation.
Mr. Davis. Well, I am not picking on anybody. But I just
think, at the time--what you need are lines of authority and
decision makers. It is okay to have a multiplicity of CIOs if
they have authority. But if they don't have authority.
Chairman Issa. So, in short, if they have their share of
the budget and can be held accountable for every penny that
goes under their jurisdiction, you are okay with it as long as,
in fact, that is what comes with being a chief, is budget
authority.
Mr. Davis. Well, you know, look, you don't want 40
stovepipes out there. You have got to have your CIO for your
agency overseeing those kind of things. And whatever you call
the other CIOs, at the end of the day there needs a congruency
there that is not always built into the system. CIOs don't know
who to report to. If you are a CIO, for example, subsidiary
within an organization, do you report to your CIO or do you
report to your agency head? So there is just I think a lot of
confusion out there over what the authority lines go.
Chairman Issa. Mr. Cummings?
Mr. Cummings. Tom, when you were chairman of this
committee, you authored the Federal Information Security
Management Act, and Chairman Issa and I worked together last
Congress to introduce legislation to update FISMA, which has
now been in place, of course, for over a decade. Our bill would
require that the Federal government shift to a system of
continuous monitoring of information systems.
One of the things that we hear a lot about, of course, is
cyber threats. You have already said that you think that FISMA
needs to be updated. But can you talk about the cyber threats,
because it seems that that is what we should be worried about,
because it is my understanding that these threats and cyber
attacks can do quite a bit of damage, and I just wanted you to
comment on that.
Mr. Davis. They do all kinds of damage. First of all, they
could do societal damage like a 9/11, when you get into it, if
they get into the wrong systems and were at play. But you have
a lot of information being lifted. And I don't want to get
into--you have had situations where we are negotiating trade
agreements and we are negotiating with other countries and they
have been able to lift all of our information off.
So it is basically the fact that a lot of confidential
private government information is being lifted off by our
competitors and we are providing it to them free. It is a huge
cost to taxpayers and a huge cost basically to America.
Mr. Cummings. Now, are there any other changes to the law
that you think we need to make?
Mr. Davis. Well, I think just on FISMA how you do it there
are probably a dozen ways to do it, but it needs to be
operationalized. It has turned into a check-the-box routine. It
has had some good things, because they weren't even checking
boxes before this. But I think your idea of continuous
monitoring, testing, prodding of the systems is very, very
important. So that is the direction I think it needs to move.
Mr. Cummings. Mr. Chairman, I yield back.
Chairman Issa. I thank the gentleman.
Per your agreement, I understand you will be able to answer
written questions by both sides.
With that, we will take an extremely short recess and go to
our next panel.
Thank you again, Mr. Davis.
[Recess.]
Chairman Issa. While that second panel is getting set up,
for the new members I think it is important to note that
normally Members of Congress who come before this committee
testify but don't answer any questions. So Mr. Davis sort of is
in that in between, and I appreciated that he took a couple of
follow-ups. But for future reference, and this includes when
you may go based on areas of expertise to other committees,
that is normally the tradition, is Members are not sworn and
Members of the House and Senate normally don't answer
questions, although they may. So just a little piece of
information from an old guy.
And with that, we recognize our second panel of witnesses.
Mr. Steven VanRoekel is the Federal Chief Information Officer
of the Office of Management and Budget. Now, that is a chief's
chief. We want to make sure we get that out here, because Mr.
Davis defined such a thing. And Mr. David Powner is the
Director of Government Accountability Office, Information
Technology Management, and in fact for those again new members,
GAO works for us.
So I want to thank both of you for being here today.
Pursuant to the committee rules that were just passed before
your very eyes, I would like you to both rise and take the
oath. Please raise your right hands. Do you solemnly swear or
affirm that the testimony you are about to give will be the
truth, the whole truth and nothing but the truth? Let the
record indicate that both witnesses answered in the
affirmative. Please be seated.
My previous chairman, Mr. Towns, is now retired, but I will
one time more introduce the clock the way he did. Everywhere in
America we know that green means go, yellow means go through
the intersection real quick, and red means stop. So it is a 5-
minute clock. Please come as close as you can to it.
Mr. VanRoekel?
WITNESS STATEMENTS
STATEMENT OF STEVEN VANROEKEL
Mr. VanRoekel. Good afternoon, Chairman Issa, Ranking
Member Cummings and members of the committee. Thank you for the
opportunity to testify on the administration's efforts to
manage the Federal government's investment in information
technology.
The growth of cloud computing, mobile devices, data and
social media is creating a demand for government services that
is once unforeseen. Americans' expectations of their government
have reached a critical point even faster than we anticipated.
They expect us through the use of technology to provide the
same quality of service they experience in their everyday lives
and we must meet these expectations efficiently and securely.
During my nearly 20 years in the private sector, I woke up
every day focused on improving and expanding core services and
customer value while also cutting costs. We must ensure the
Government has the same mentality by driving innovation to meet
customer needs, maximizing the return on our investment in
Federal IT, and in establishing a trusted foundation for
securing and protecting our information resources.
Since the mid-1990s, Federal IT spending grew about 7
percent annually. A culture was built which assumed that to do
new things we must spend more. Had we continued on that growth
curve, we would be spending over $100 billion on IT today
versus the $78 billion to $81 billion we do spend. In 2009, we
worked to freeze Federal IT expenditures, and under my watch we
have reduced it year over year. Although spending is flat or
declining, we refuse to use this as an excuse to do less with
less. Instead, we are applying the private sector mentality of
continuous improvement to expand and improve core services and
customer benefit while reducing costs. In this time of fiscal
austerity, we must ensure that we are always innovating with
less.
But if we focus solely on cost reduction we will overlook
the value that IT brings to the Government and our country.
Few, if any new government services will be established without
technology as their foundation. Strategically investing and
deploying IT can provide a downstream multiplier effect, not
only in efficiency and cost savings, but by making us more
productive, more customer friendly and more secure.
Today I would like to highlight the three principles in our
approach to innovate with less. First, we are working every day
to drive innovation into everything we do. The value of
government programs rests upon their ability to positively
impact the lives of Americans. Simply put, the American people
must be at the center of every action we take and no decision
should be made that cannot be tied to significant customer
benefit or savings.
We must also embrace 21st-century ways of building
government solutions. For too long the Federal landscape has
not benefited from productivity gains seen in the private
sector. We can't just spend less; we need to change the way we
do business. This includes modular solutions, embracing mobile
technology in new ways, and creating services that were once
unforeseen.
Driving innovation doesn't end at the walls of government.
The information maintained by the government is a national
asset with tremendous potential value to the public,
entrepreneurs, and to our own programs. The administration's
innovation agenda includes multiple initiatives that will open
data to enhance information exchanges, interoperability, and
public release of data while safeguarding information security
and privacy. Open government data is creating an incredible
platform for innovation in the private sector, continuing to
foster an increasingly important role for government in the new
data economy. Today, private sector entrepreneurs are
leveraging this asset to create jobs and provide better service
for the American people.
Second, we are focused on maximizing the overall return on
investment in Federal IT and are providing agency leadership
with tools to help look across their IT portfolios to make
strategic investment decisions. We are driving cost savings in
government through many targeted efforts, including investment
reviews, our cloud-first policy, strategic sourcing, data
center optimization and PortfolioStat. By gaining efficiency we
can not only save money, but we can drive innovation in
government by culling from inefficient programs and reinvesting
in high ROI, mission-focused technology solutions.
Third, we are advancing cybersecurity capabilities on every
front. This issue requires creative solutions to address
emerging and increasingly sophisticated threats and new
vulnerabilities introduced by rapidly changing technology. To
overcome this challenge we must continue to implement
initiatives such as the cybersecurity agency goals, FISMA and
FedRAMP, and to continuously measure agency progress in
improving information security performance. Building on the
last four years, our focus going forward will be to drive
innovation in government and make investments in technology
that better serve the American people. We will use technology
to improve productivity and lower barriers to citizen and
business interaction with government, all while bolstering
cybersecurity.
Thank you for the opportunity to appear today, and I look
forward to our discussion.
Chairman Issa. Thank you.
[Prepared statement of Mr. VanRoekel follows:]
[GRAPHIC] [TIFF OMITTED] 79790.005
[GRAPHIC] [TIFF OMITTED] 79790.006
[GRAPHIC] [TIFF OMITTED] 79790.007
[GRAPHIC] [TIFF OMITTED] 79790.008
[GRAPHIC] [TIFF OMITTED] 79790.009
Chairman Issa. Mr. Powner?
STATEMENT OF DAVID A. POWNER
Mr. Powner. Chairman Issa, Ranking Member Cummings and
members of the committee, we appreciate the opportunity to
testify on wasteful IT spending. My comments will focus on
three areas. One, the Government's poor record when it comes to
delivering IT. Two, recent OMB initiatives to address the
problems. And three, what needs to be done to fully address the
issues at hand.
GAO's work and others over the year have shown that the
Government has a poor track record when it comes to managing
and delivering IT. My written statement lays out several recent
examples where billions of taxpayers' dollars have been wasted
on failed projects. In addition, the IT Dashboard currently
shows nearly 200 investments totaling $12.5 billion that are at
risk, and these numbers are understated.
To address these issues, over the past several years OMB
has put in place several initiatives that have resulted in
improvements. First, the IT Dashboard provides realtime
reporting of over 700 major investments and highlight CIOs'
assessment of each. This information has been used to terminate
and scale back projects and reduce budgets by nearly $4
billion, according to OMB. In addition, the comprehensive IT
reform plan covers areas like IT governance, program management
and procurement. An important goal of this plan is for agencies
to turn around one-third of their underperforming projects.
One of the more important aspects of the reform plan is the
data center consolidation effort, in which OMB claims could
result in $3 billion in savings. And more recently the
administration rolled out the PortfolioStat initiative that
focuses on eliminating duplicative IT systems. OMB estimates
about $2.5 billion in savings here. The big takeaway here is
that by turning around troubled IT projects, consolidating data
centers, and eliminating duplicative commodity IT systems, the
Government can save somewhere between $5 billion and $10
billion if indeed these initiatives are successfully carried
out.
Based on our work over the past several years, here are key
areas that need more attention. First, we need even better
transparency and more action on troubled projects. This starts
with accurate information on the IT Dashboard. We can't have
situations where agencies like DOD report no high risk systems
when in fact they have many. On the other hand, some agencies,
like DHS, are reporting accurately and moving more of their
projects to a green status. However, overall agencies are
nowhere near accomplishing the IT reform goal of turning around
one-third of the underperforming projects. I would like to
stress the importance of tackling these projects in smaller
increments. My written statement highlights seven successful IT
acquisitions and each took an incremental approach.
Second, we need to tackle duplication more aggressively.
For example, our work shows that 27 major departments and
agencies have nearly 600 financial management systems and spend
almost $3 billion on these systems annually. The
administration's PortfolioStat process is an excellent
initiative to address this duplication.
Third, OMB and agencies need to follow through on their
data center plans. Server utilization rates are far below
desired amounts, consolidation still needs to occur, and
ultimately the key performance metric here is dollars saved.
DOD alone reports that they can save $2.2 billion and OMB
claims that the Government can save $3 billion by 2015.
Finally, the Government needs to perform the required
operational analysis on the operational systems totaling $55
billion so that over time we can spend more money on
modernizing government operations and less on maintaining old,
archaic systems. All these areas--improving transparency,
turning around large IT acquisitions, tackling duplication,
optimizing data centers, and shifting the percentage of what we
specifically are spending the $80 billion on--require strong
and accountable chief information officers and attention to the
many GAO recommendations we have made in these areas.
Mr. Chairman, GAO's plan is to stay on top of these
important issues as we currently have worked, looking at the
Dashboard, PortfolioStat, data center consolidation and IT
duplication. We look forward to further assisting you in your
important oversight role. This concludes my statement. I would
be pleased to respond to questions.
Chairman Issa. Thank you.
[Prepared statement of Mr. Powner follows:]
[GRAPHIC] [TIFF OMITTED] 79790.010
[GRAPHIC] [TIFF OMITTED] 79790.011
[GRAPHIC] [TIFF OMITTED] 79790.012
[GRAPHIC] [TIFF OMITTED] 79790.013
[GRAPHIC] [TIFF OMITTED] 79790.014
[GRAPHIC] [TIFF OMITTED] 79790.015
[GRAPHIC] [TIFF OMITTED] 79790.016
[GRAPHIC] [TIFF OMITTED] 79790.017
[GRAPHIC] [TIFF OMITTED] 79790.018
[GRAPHIC] [TIFF OMITTED] 79790.019
[GRAPHIC] [TIFF OMITTED] 79790.020
[GRAPHIC] [TIFF OMITTED] 79790.021
[GRAPHIC] [TIFF OMITTED] 79790.022
[GRAPHIC] [TIFF OMITTED] 79790.023
[GRAPHIC] [TIFF OMITTED] 79790.024
[GRAPHIC] [TIFF OMITTED] 79790.025
[GRAPHIC] [TIFF OMITTED] 79790.026
[GRAPHIC] [TIFF OMITTED] 79790.027
[GRAPHIC] [TIFF OMITTED] 79790.028
[GRAPHIC] [TIFF OMITTED] 79790.029
[GRAPHIC] [TIFF OMITTED] 79790.030
[GRAPHIC] [TIFF OMITTED] 79790.031
[GRAPHIC] [TIFF OMITTED] 79790.032
[GRAPHIC] [TIFF OMITTED] 79790.033
Chairman Issa. For all the members, be aware that somewhere
in the 2 o'clock time range we will have our first and only
series of votes for the day. It will be no more than three
votes, and we will return immediately following that. I will go
down the order normally, but if somebody is here ahead of you,
then I will go to that person first and then return to the
normal order.
Mr. Powner, I guess the first problem we seem to have is
that the software for the IT Dashboard is not performing
properly, if I heard you say, that in fact what we are getting
there in reporting, granted it is not automated reporting, but
that reporting is not factual. In a nutshell, how do we fix
that? How do we get that reporting to fairly reflect the real
green, red, yellow that we should?
Mr. Powner. Well, Mr. Chairman, there is reporting on cost
and schedule performance, but there is a key report on CIO
assessment and that doesn't require the software to function.
That requires the CIO to be on top of their projects and to
accurately report. So we issued a report late last year that
highlighted some of the problems.
We have some departments and agencies reporting accurately.
DOD reported zero red investments, and that was soon after they
cancelled the one investment that you highlighted in the
opening to the hearing here. So we need to make sure that we
get accurate reporting, that CIOs are on top of the status of
these 700 major IT investments.
Chairman Issa. Let me follow up briefly. There is 243 CIOs.
Only one has full budget authority, and that is Veterans
Affairs. Do you see a difference between the one and the 242 in
the sense of accountability? I know that is a very small
offsetting number. We don't have a second example. But can you
give us a contrast that you think budget responsibility and
authority can bring?
Mr. Powner. Clearly budget authority helps with your
authorities, but there is also some CIOs in the Federal
government, I can point to several examples, where even without
budget authority they are still quite successful. And some
areas, if you look at IRS as an example, over the years they
have greatly improved. Their chief information, chief
technology officer there gets a lot done, gets it done well.
DHS is another good example where even without budget authority
they still can be quite successful.
Chairman Issa. Before I move on, this committee has a long
history of bringing people in when they screw up. How do I do
what you just did? How do I find the areas of excellence,
identify them and recognize them? And not just I, I mean our
Government. Because certainly we do have, and I have met many
of them, these information officers that are doing an excellent
job that are on top of it, but out of 243 clearly some are not.
Mr. Powner. Well, you know, I mentioned a few agencies that
are performing better than others, but clearly Steve VanRoekel
has the best picture into who those stronger CIOs are across
the Federal government. He meets with them frequently in many
of his initiatives, he has seen them firsthand, in addition to
our work at GAO. But he has much more hands-on working
experience and I would rely heavily on him.
Chairman Issa. Then I will go to the gentleman. Can you
give me your best and brightest and tell me how I leverage the
accolades to them so that the others will realize that
excellence is rewarded?
Mr. VanRoekel. I am happy to provide names and lots of
examples of best practices that we have done.
Chairman Issa. We will take them.
Mr. VanRoekel. We are taking this direction and actually
institutionalizing a lot of this work in the CIO Council. We
have stood up an effort this year to immortalize best practice
sharing in a way that really has never been done before,
putting examples of best case around procurement, around
implementation of different technologies and things like that,
as well as starting a CIO university that we bring new CIOs
that are entering the Government to bear to consume our
handbook, hear from the better CIOs on how to get best results
and things like that.
Chairman Issa. By the way, who is the IRS CIO that you
mentioned?
Mr. Powner. Terry Milholland. He goes by CTO, but in fact
he is their chief information officer.
Chairman Issa. Excellent. I am going to just touch on a
couple of areas. Ms. Duckworth actually brought this to me, so
sometimes the most important questions are from freshmen.
I have been in Congress for 12 years. Before I was in
Congress I worked on a voluntary basis for my county. So as far
back as about 16 years ago I was acutely aware that we put a
lot of money into interoperable systems so that our counties,
our cities, our fire departments and so on could communicate,
particularly in times of emergencies, which San Diego tends to
have a fire, a major fire every year or two. It is now more
than a decade later and these systems are generally no better.
Additionally, we reported in fiscal year 2011 we funded 622
separate human resource systems at a cost of $2.4 billion.
The frustration that I have, the frustration the gentlelady
has from Illinois is how do we stop looking at things 6 years,
10 years, 20 years later and find out that what we said the job
was to consolidate, the job was to go to a single interoperable
system and so on, just as we are doing here today, how do we
stop it from expanding? Because I am sure that we are not 622
separate human resource systems, and I know for a fact that the
systems used by fire and emergency operations around my State
at least are not 14 years old. They are systems that don't talk
to each other that were bought after we recognized the problem.
Mr. VanRoekel?
Mr. VanRoekel. I think a primary way to think about this is
if you look at the history of technology and the way it grew
up, even in the private sector, and I was, as I mentioned in my
opening statement, in high-tech in the private sector for 20
years, most of that at Microsoft Corporation, so I saw a lot of
evolution in this space.
The industry grew up in a way that was very single purpose,
where it was unthinkable on a server to install multiple kinds
of software. You would just put an e-mail on one, a database on
another and things like that. There is now technology available
that allows us to do things massively different.
I think the private sector has realized that. As Mr. Davis
said in his opening statement, there is this inflection point
we all go through where technology is seen as this very
discretionary thing to a very strategic thing, as you
mentioned, the way to connect to customers or sales people or
data, things like that. We are in the midst of that inflection
point in government and it hasn't been fully realized. And I
think that, coupled with the cost pressure, the cybersecurity
pressure, and probably most importantly the expectations of
citizens, are going to drive a different behavior.
What I have probably noticed the most coming into
government is that we spend a lot of time focusing on a single
role, saying a CIO kind of owns this function, procurement
professional owns this function, CFO, human resources, et
cetera. And one of the things I am working very hard to instill
is across C-level conversation on these things.
When I ran the PortfolioStat process last summer, my agenda
with that process was not just to look at the IT portfolio and
sort of have an assessment there, but it was to get people
around the table and teach from the deputy secretary and all
the C-level executives how to run a private sector investment
review board meeting, how to actually take a look at all the
levers they can pull and how to make this strategic. So our
initial goal was really consolidation at that level, saying it
is unthinkable to run more than one email system if you are in
an agency, and many are running more than one. It is
unthinkable to run more than one other system. And so
encouraging them to drive that level of consolidation.
And then Joseph Jordan and I, the head of the Office of
Federal Procurement Policy, worked last year and launched the
Strategic Sourcing Leadership Council that is a group of C-
level executives from some of the largest agencies in
government representing the majority of our IT spend who are
right now working on a plan to do a minimum of those 15 systems
of consolidations. They are going to be reporting back to us in
the next month or two.
Chairman Issa. Thank you.
Mr. Cummings.
Mr. Cummings. Thank you very much. Mr. Chairman, I am glad
you asked Mr. Powner about the person at IRS that apparently is
doing it right. That is a good thing. I think it is important
that we highlight those people who come in and do the right
thing and do it well.
And that leads me to you, Mr. VanRoekel. When you were
talking about best practices and trying to put them into
policy, are we getting--you know, a lot of times people try to
guard their little turf. They feel like they are doing
everything right. And maybe they have been there for a while
and they see somebody like Terry McMillan, is it? What was the
name? Terry?
Mr. VanRoekel. Milholland.
Mr. Cummings. Milholland come along and they are resistant.
Do you find that to be a problem at all?
Mr. VanRoekel. Definitely we have many challenges in
government around moving the ball forward, embracing
innovation. I often will call it blinking light syndrome, where
people just love to own their own servers and have their own
thing, where they like the blinking lights of those servers.
Culture is an inhibitor. Past behavior and people saying, well,
that is the way we have always done it, I assume that is the
way we should always do it in the future, is definitely a
challenge we see.
Mr. Cummings. Are we getting the skills? Several people
have mentioned skill levels of people coming in. Are we getting
the kind of skilled people that we need to do the job? Because
certainly if you don't have the skills, you can be the blind
leading the blind and losing money and effectiveness at the
same time. I am just wondering. And if we are not getting those
kind of people, how do we go about getting them?
Mr. VanRoekel. In my many years in the private sector,
including a stint as Bill Gates' assistant and being by his
side and seeing some of the most fascinating, amazing people in
the technology field, probably the biggest surprise I have had
coming to government is the quality of some of the people in
government. And you find many of them around government who are
either yearning or doing things in amazingly innovative ways.
A lot of times it is about giving those people permission,
and I think that is the essence of good policy, is giving them
a permission slip to go innovate, to break the culture of the
way things have done in the past and move forward. I often hear
from people after I have issued some policy around doing
something massively differently than we have done before, they
run around their agency holding that in the air saying, see, I
can now do what I have been wanting to do, and that is creating
a nice dynamic.
We have also got, you know, there are people that have been
in government a long time, haven't maybe been trained to the
level of 21st-century ways of doing things, and we have worked
really hard to build new training mechanisms for them. And
probably the most impactful thing we have done in the last year
is we have launched what is called the Presidential Innovation
Fellows Program that actually does rotations of private sector
professionals in a non-conflicted way into government to work
side-by-side with public sector employees to work on innovation
challenges that the country is facing, but more importantly
teach them how to do things in a 21st-century way. And that has
beared incredible fruit.
Mr. Cummings. One of my concerns is cybersecurity. Do you
believe that the updates to FISMA might help OMB and DHS in
your efforts to ensure that the government information is
protected from cyber attacks?
Mr. VanRoekel. I think the essence of what we need to do is
really about flexibility. Cybersecurity threats are evolving
every day. New technology, new devices present new threats. And
having a mechanism like FISMA where you only do assessments on
a not very regular basis is a good check and balance, but it is
not the ultimate solution. And so I am probably most encouraged
about our work in the continuous monitoring areas that we
funded last year and are now starting to roll out this year.
And this is a great highlight of across-government shared
service where a procurement went out that is going to allow not
only the Federal government to take advantage, but State, local
and tribal are also eligible for this procurement to get volume
and scale in our buying power, to actually look at a consistent
view of cybersecurity threat monitoring across the government.
Mr. Cummings. My last question is you recently said that
you are encouraging agencies to evaluate the mission of their
agencies when evaluating how they will cut their budgets if
Congress does not pass legislation in time to avoid
sequestration, and this is what you said, and I quote.
``Cybersecurity is a top priority. When people are making the
right priorities to meet the mission of the agencies in the
most safe, secure and protecting citizens' privacy way, we will
make the right trade-offs I think to assure that this is
happening.'' And that is the end of the quote.
How could budget cuts impact cybersecurity initiatives and
how much do you worry about that?
Mr. VanRoekel. Well, I definitely worry about cybersecurity
all the time, and it is something we have to be ever vigilant
on, no matter what the budget situation is. And certainly
budget cuts may have some impact, unforeseen impact on that.
But the cybersecurity is a unique category of spend because it
is in everything we do. It is not just one line item on the
balance sheet. It is something that we look at and think about.
Across, you know, from your mobile device to your desktop to
your server room to your data center and everywhere in between,
cybersecurity is a factor. So as agencies are looking at
possible budget cuts, they have to look across that landscape
and say, if I cut this program, this element of cyber that is
associated with it may go away and does that change the dynamic
on what our cyber stance is. It certainly could be that case,
and we hope that is to be avoided.
Mr. Cummings. Thank you very much.
Mr. Mica. [presiding.] Thank the gentleman.
What we are going to do is they have called a vote, and I
guess we have about 12, 13 minutes. So I would like to ask a
few questions. We probably have time for one more on this side
to be fair. We go in order of seniority. And then we will come
back and pick up where we left off and the witnesses will
return.
Does staff know how many votes there are? Three votes. So
it will probably be almost a half-hour.
So with that, let me just ask a couple of questions,
recognize myself. Usually the components you need to be
successful are policy or a law in place, and then you have to
have the personnel to execute it, and then you have to buy the
right IT equipment to make this stuff work.
My first question would be, are there changes in law that
you would recommend that do not give you the ability to be
successful?
Mr. VanRoekel. I think there is definitely room within the
existing law on the policy side, implementation of people side,
that definitely allow us the flexibility to be successful. I
think the fact that we have----
Mr. Mica. So within existing law you have the authority by
law and ability to do what you need to do to be successful?
Mr. VanRoekel. I do believe so. The challenge I think we
face is probably around budgeting and thinking about how do
we--and I know this is not an appropriations hearing--but how
from a budget standpoint are IT dollars spent. One of our
inhibitors I think on implementation of IT is that oftentimes
for most agencies it is single-year spend, and without being
able to extend that----
Mr. Mica. Well, then there is something missing, too,
because you said you have people who have great ideas, very
great capabilities, but they don't proceed. So somewhere they
are not getting the policy which would either be set from your
level, which you just said when you give them the authority
they run around with the paper. So somewhere we are missing the
ability to move forward.
The second thing, Mr. Powner, on the IRS, you mentioned
IRS, and we get into personnel. And Mr. Cummings I think
mentioned this too. You have got to have the best personnel.
You said we have many of them, but sometimes we have turnover,
we don't keep them or we don't attract them.
When this committee worked on some reform of IRS, years ago
I worked on that, one of the problems we had, we had these very
expensive IT systems and computer, massive operations, but we
weren't retaining, able to recruit or maintaining and keeping
folks that could do this work. We came back and changed the
parameters of being able to hire people. Sometimes in the
private sector you can make three and four times what we were
paying them. So do we have the ability to hire people and pay
them and retain them, from your experience?
Mr. Powner. Yeah, IRS is a good example. And you are right,
they were the poster child for years, and then there was a fair
amount of congressional interaction and there was critical
positions pay granted at IRS, and a number of those positions
were granted towards the IT professionals. So their pay was
bumped up. And then also when you mention about continuity of
leadership, over the last nine years they have had two CIOs.
One was there for 4 years, he is the current CIO at DHS, and
the current one has been there for more than 4. So the turnover
is a big deal.
Mr. Mica. I know we did that for IRS, and I know I worked
on something for a CFO actually in Transportation because we
couldn't get one or retain one. Government-wide, though, do we
still have a problem as far as this personnel issue and the
flexibility to retain and pay people?
Mr. Powner. Turnover is a big deal, because currently I
think the average CIO, it is around 2 years and they are in and
out, and that varies a little bit depending on how you break it
down by political appointees and career, but not much. But on
average it is about a 2-year turnover.
Mr. Mica. What do you think, Mr. VanRoekel?
Mr. VanRoekel. Yeah, I think there is quite a bit of
turnover. But the essence of a lot of what we try to do is
institutionalize best behavior and best practices in a way that
will kind of mitigate some of the turnover.
Mr. Mica. We can look at that. And then if you said DOD has
$2.2 billion worth of potential savings, is that what you said,
identified?
Mr. Powner. Yes. That was when you look at their data
center consolidation efforts, their current plan projects $2.2
billion in savings.
Mr. Mica. And why isn't that moving forward, or is it?
Mr. VanRoekel. It is moving forward. In their last public
budget submission, they represented I think around or slightly
over $300 million in saving.
Mr. Mica. But the balance of the Federal government is $3
billion identified in savings. That billion just beyond defense
doesn't seem realistic. I think there is probably a lot more
room, wouldn't you agree?
Mr. VanRoekel. I think we are at the tip of the iceberg on
some of this, yes.
Mr. Mica. Okay. And finally, maybe for the committee you
could submit--now, I am fascinated by Obamacare. I just came
from Transportation, government buildings. They came to us. I
guess we passed the law that allowed them to acquire a building
to house 5,000 bureaucrats, just the folks that are going to be
administrating Obamacare. I am interested to know, they are
going to have to set up IT systems and everything, maybe you
could provide the committee with information that you have on
where they are going with that.
This is going to be a huge agency, a huge operation and
requiring a lot of IT investment. Maybe you could share that
with the committee. I will ask you. You don't have to respond.
Mr. Mica. Mrs. Maloney?
Mrs. Maloney. First of all, thank you very much. I want to
ask a question about the Office of Financial Research, which
was created under Dodd-Frank, and the purpose of it was to have
the authority to collect data across the industry to look for
systemic risk. So when you are talking about these data
systems, they are put in place in many ways to save money. So
taking out elements of them and whatever may hinder their
ability, obviously if we had had such a system that could have
foreseen the systemic risk and taken steps to prevent the
subprime crisis and other credit default swaps and other
instruments that were rocking our economy. I want to note that
the chairman and I during this committee did a series of
amendments trying to really legislate parts of the Office of
Financial Research, so this is a bipartisan effort.
But my question is, what factors go into determining which
data centers will be closed? Certainly someone thought they
were important to begin in the first place. And if you do close
one, is there an appeal process where the agency or others can
say you are telling us to close three data systems, but these
are three or four elements that we think are going to save
money in the long run, save lives or prevent financial crises.
So how is that happening? Obviously you could go in and
say, well, close down all the data systems, we are going to
save money. But actually they are put in place for many
reasons, one of which is to save money and to manage government
better.
Mr. VanRoekel. Right. This is the essence of why I like to
focus on data center optimization versus just closures. One of
the reasons data centers that exist today in the Federal
portfolio are inefficient is because of the way we use the data
center itself versus what is actually running in the data
center. The way IT has grown up, it is very inefficient to use
single servers in data centers for single functions. New
technology allows you to run multiple functions on single
machines at a much lower cost than you have seen in the past.
So in essence we are going to optimize and close data centers
by shifting the resources of one to other ones, to more
efficient data centers, not taking away services, not
deprecating any service that we provide. And if anything, while
we make that shift, we actually modernize those systems to
provide even better service. So it is a really nice opportunity
to build efficiency and effectiveness at a much lower cost.
Mrs. Maloney. Well, your statement and Mr. Davis' and
others, I agree completely that cybersecurity is a national
security concern and it should and is a bipartisan concern. And
if there was one area that we should be moving swiftly on, it
is cybersecurity. It is not only hitting the Pentagon, but
financial institutions, trade institutions, commercial
institutions. It is everywhere and every day, and countries
have complete government agencies out there just going after
our information.
The fight before us reminds me very much of the
intelligence fight we had after 9/11. It was basically a turf
fight. No one wanted to give up turf. We were told our basic
problem was a lack of up-to-date intelligence. We had to create
better interagency talking and preventive methods to make our
country safer.
And we have a turf battle now on cybersecurity. No one
wants to give up their turf. Obviously OMB is the enforcer, but
you need an agency that comes in and pulls all of this together
and forces these agencies to work together, talk together, move
together, to do that.
What agency do you think would be the best lead agency if
we were going to pull everyone together? I think we have a
huge, huge turf battle that is preventing us from going
forward.
Mr. VanRoekel. We have done a lot to move the ball forward
on thinking about coordination in the cyber realm. And we take
it sort of in two views. One is the classified network side,
and then one is the public network side, the unclassified side.
I am a chair member on a safeguarding committee that looks at
the classified side and we should have another venue in which
we talk about some of that.
On the unclassified side, we have made the decision and
worked very closely with Department of Homeland Security to
provide the cyber capabilities, operationalize the cyber
capabilities of the Government along with OMB and the White
House to focus on what our capabilities are on cyber. So they
run incident response through a group called US-CERT, the Cyber
Emergency Response Team. They are leading the charge on the
implementation of the government-wide continuous monitoring
system, and then they work with us on CyberStat reviews which
are going out and implementing FISMA, but a more regular touch
base on cyber capabilities at the agency level. And I think we
have done a lot there, along with the CIO Council, to
coordinate our cyber activities in a way that I feel very
confident that we are making not only good progress, but great
progress on.
Mr. Mica. There is one minute left in the vote. We will
recess at this time. I would ask both of the witnesses if you
would stay in recess and then be available, we will see if
there are future questions.
The committee stands in recess.
[Recess.]
Chairman Issa. [Presiding] Earlier, when I talked to Mr.
Davis, as a friend and mentor, I did sort of badger him on the
question of, for example, 40 CIOs at DOJ. I would like to
revisit that again.
The term CIO, one that you have, what is it supposed to
mean? And do we, in fact, find another title for people who are
less than the CIO and, in fact, those who either don't have
budget authority or who receive their budget authority as a
subset of somebody else who has budget authority? If you would
like to comment on that.
Mr. VanRoekel. Yes. As Mr. Davis said, I think it is not
necessarily just a titling problem or opportunity that we maybe
have in front of us. The title of CIO, it varies in many
agencies. I think the thing that we need to examine as a tech
community in looking at Federal IT is really the role and
responsibility of the CIO and the CIO's organization across the
enterprise. You know, there are many agencies where the person
at the top of the org chart has less budget and less authority
than they maybe had when they were a subcomponent agency CIO.
And so we see challenges there, challenges in governance,
challenges in the ability to have influence and visibility
across the entire IT portfolio.
The very first memo I issued in my job when I took over for
Mr. Kundra----
Chairman Issa. Is this the 25-point plan?
Mr. VanRoekel. No. I did inherit that, which is great. But
the first memo I issued was a memo that actually addressed CIO
authorities and brought to bear new OMB guidance that CIOs need
to be more empowered in agencies to make decisions around
commodity IT and things like that across the agency. And so
many agencies are operational I think now.
Chairman Issa. And I think, rightfully so, you know, the
question of portfolio is a big part of the answer to the
question.
But let me ask a different question. To a certain extent,
don't we have a proliferation of CIO as a title because it also
comes with pay; that is, an expectation that, you know, that
you can't get somebody above a given level unless you give them
that title, and by creating that title, you create, quite
frankly, a more expensive employee?
Mr. VanRoekel. I think pay could be a factor there.
Chairman Issa. By the way, just so you know, my limited
experience outside of Congress was trying to get a clerk-typist
to be, first, a secretary and then a stenographer. It was the
same person, worked for the same colonel, but he wanted to pay
her more, while I was in the military. I am very aware that
titles, in fact, change pay. And so when you say ``could be,''
I am presuming you say almost inevitably must be in some cases.
Mr. VanRoekel. I just think there are other factors that
play out in the Federal landscape. Having come from the private
sector as I did and the position I was in before I came here, I
certainly didn't take this job for pay, even though I am the
highest ranking CIO, conceivably, in the Federal government. It
was more about the scope of responsibility.
I think oftentimes that that title comes with a lot of
responsibility. And thinking to the concept of I want to get
the best person either inside government or outside government
to take the job, the title actually matters because it equates
to the scope of the responsibility related there. Look at the
Department of Transportation as an example. I would certainly
want someone looking over the FAA to be a CIO, to be a person
that has actually got that title and that authority.
Chairman Issa. But do you think the DOT has 35 such needs?
Mr. VanRoekel. I think the essence there is good
governance, good policy inside the agency. You mentioned the
Department of Justice. After we----
Chairman Issa. Yeah, they top the list with 40.
Mr. VanRoekel. Yeah, they do. And after we issued the
guidance on the Department of Justice, every dollar spent
within the agency on IT, even at the level of purchase cards,
goes across the desk of the main CIO in the Department of
Justice. So they now have spending transparently and have built
mechanisms to do that spend based on the guidance I issued,
which is about the ability to manage and govern spending at
that agency. So I think it is not a titling problem, it is a
governance and management problem.
Chairman Issa. I hope you are right. And I am going to go
to the gentleman from Texas. But I might mention that since
they don't seem to be able to read wiretap warrants to find out
that, in fact, they would expose wrongdoing at ATF under their
watch, I would suggest that they probably aren't looking at
every credit card receipt all that well.
Mr. Farenthold?
Mr. Farenthold. And I want to expand a little bit on that,
and on the Dashboard system, in particular. I am concerned we
have a system here of garbage in, garbage out. And what kind of
checks and balances do we have to make sure that we are getting
good data in there? Is it just coming from the agencies? Do we
have some sort of, you know, other checks and balances?
Mr. Powner. So a couple things. That is a legitimate
concern, and we see it varies by agency. So we have issued
numerous reports looking at the accuracy and reliability of
what is going into those Dashboard ratings. The good news is
over time we see that accuracy improving. But we still have
some agencies that aren't as accurate as we need them to be.
Obviously, it is on the CIOs at those agencies to ensure
that we have accurate reporting. OMB plays a key role. If they
see something that raises red flags, you know, they can pick up
the phone and make sure that we have better accuracy there. And
we will continue to that do in our work for the Congress,
looking at the accuracy.
Mr. Farenthold. Is there something we can do to help
improve that?
Mr. Powner. Sure, there are some things you could do, I
think, with your oversight. You can look at the Dashboard right
now and you could look at some rather large departments and
agencies and you see zero high-risk investments, similar to
DOD. And some of these are large departments and agencies. And
I think congressional hearings such as this where you have
panels of those agencies that have zero reds would be a good
thing.
Mr. Farenthold. All right. Let's talk a little bit, Mr.
VanRoekel, you worked for Microsoft for a while. And I think
part of the problem that we have here is when we are buying
things, how we are specifying them and how we are deciding what
we need and how it is all happening. You know, in the consumer
market, and small, medium, and even to some degree large
business market, Microsoft dictated what the standard was.
Industry said: This is our product, do with it as you may.
In the government, you tend to have the government come up
with all of these detailed specifications for stuff that has to
be custom coded or whatever. And then you look at probably the
biggest success story coming out of the government, which was
the Internet, which came out of DARPA, and it was a
collaborative, almost open-systems sort of thing.
Is there a way we can adopt the Internet model for
developing the overall computing scheme of the government
rather than having all these different agencies come up with
all of these different technical standards, or relying on
manufacturers saying, this is what our product is, take it or
leave it?
Mr. VanRoekel. Yeah, I think the normal motion in the
government in the past has been one where you say, well, I am
faced with some challenge, some opportunity to build some
system. You do one of two things, and you highlighted one of
them. I think one is you go out and buy packaged software that
exists and then you hire an integrator to try to glue it all
together to come up with some solution. Or what you do is your
requirements are so unique, exactly to your point, you describe
this very monolithic, big solution and you have someone try to
build it from scratch.
And the problem with both of those approaches is that the
risk surface is so incredibly high, and the outcome of that
effort is not realized until much farther down the road. If you
think about a quarterback throwing the long ball, you know,
that you have a much higher likelihood that that thing is going
to not be caught or intercepted, or it is just very, very
risky, versus a 4-yard pass down the road. We have a lot more
product managers in government that can throw the 4-yard pass
that can actually architect a long-ball pass.
And so what we need to do and what we have proposed in
policy and what we are doing working with the industry is to
really scope a modular approach, to say, you know, we don't
need to build these big monolithic things, we don't need to
absorb that much risk on the side of government. What we need
to do is build smaller solutions that interoperate and work
with each other. The private sector has been doing this for
years, the government has not. And we are working with the
private sector on developing that.
Mr. Farenthold. And I think one of the struggles we have in
the government is getting--I mean, we have got some good people
here. But we don't offer what--you go in the private sector,
you have got a great idea for doing something or solving a
problem, you work out of your garage for a while, and then you
have an IPO and then you are Steve Jobs. Pardon me for me going
right after your one of your former employer's biggest
competitors.
But is there a solution, maybe, again, going back to the
Internet model, of having some of our standards and solutions
developed in the academic field, rather than, you know, trying
to get it done with employees, many of whom are really looking
for the long term, you know, to be the next Mark Zuckerberg?
Mr. VanRoekel. Yeah. I think the approach we are seeing
emerge in government is something that is encapsulated in a
strategy I published last summer called the digital strategy
for the 21st century government. And what it basically
prescribes is exactly that, using open standards, open-source
software and other approaches to say there is a new way of
building these solutions where you can have data
interoperability across agencies, you can have system
interoperability, that when we build solutions within
government, we should built it once and use it many times,
versus using these siloed approaches.
So if you look at the use of technologies like GitHub,
where we are now sharing code across government, some of our
best practices work and some of the solutions we are building,
this is the approach that I think is going to be the new
default within government.
Almost every project that I have text added in government
where I can have a face-to-face meeting with a project that is
going awry, I have recommended they go to this modular
approach, and then in every single case it has turned out well.
Mr. Farenthold. I am out of time. We could go on for a long
time. Maybe I will----
Chairman Issa. Call your own hearing on this. I thank the
gentleman.
We now go to the gentlelady from the District of Columbia,
Ms. Holmes Norton.
Ms. Norton. Thank you, Mr. Chairman. I wanted to get back
to get some clarification on savings. You know, this Congress
is very interested in savings, for good reason. And we know
that there should be an incentive to use cloud first, we know
it is the government's policy, because you pay for the service
you use. And yet we have contrarian responses. There are some
agencies, apparently, where it would be cheaper to stay with a
data center. I don't understand why. But that is apparently the
case. But I was, frankly, shocked to read a column yesterday
about--here's a figure that was in the column. It's called ``My
Cup of IT,'' Steve O'Keefe. ``GAO tells us Feds spend 69
percent of the $81 billion IT budget on hospice care for
geriatric systems,'' you know.
Let's leave aside his characterization for the moment. But
it would seem to imply that these systems are long past their
usable lives. And yet it looks like the lion's share of money
is spent on propping them up.
Why aren't agencies rushing toward cloud, saving themselves
money, and doing what the government's policy says they should
be doing in the first place? Either one of you can answer that
question. I would appreciate it.
Mr. VanRoekel. I will take the first take on it. I think
the challenge that we often face is the capital expenditure it
takes to make the transformation. You often can't just pick up
a system you have----
Ms. Norton. Well, of course.
Mr. VanRoekel. --and just move it to the cloud, you
actually have to spend money to do that.
Ms. Norton. So is the administration budgeting for capital
expenditure?
Mr. VanRoekel. In many cases we are. But in this fiscal
environment, my approach has been, let's go find savings where
we can, where we find low-hanging fruit, and then reinvest
those savings. So my budget guidance I put out to agencies, for
example, was to cut 10 percent of their IT budget in targeted
areas. And I gave them the target areas, things around we've
just been discussing today, commodity IT and other places where
it doesn't take that capital lever to move. And then I, to net
to a 5 percent down, I gave them 5 percent of that 10 back to
say, okay, now this is capital you should be investing in these
new areas. And the new areas should be focused on systems
modernization, cybersecurity, employee productivity or citizen-
facing services, making those run in a better way.
And then I ran the portfolio set process to help them find
that 10 percent within their agency in a very data-driven way.
We went and analyzed all the commodity IT systems they were
running and things. And so this is a spirit that I am trying to
inject into government.
Ms. Norton. Because it looks like for sometime now there is
not going to be the capital. I mean, the cloud is an ideal. A
cloud is what we would like to see. But let's face it, like so
much of IT, if it takes heavy capital investment, it just can't
happen for some time. It is going to happen very gradually.
Isn't that so?
Mr. VanRoekel. That is right. Unless you inspire this let's
examine what's working, what's not working, take what's not
working, cut it, and then move it in.
Ms. Norton. Have you all ever done a cost benefit? I mean,
would it be worth it to speed it up because of the savings? Or
is this just not something we could bring money to bear on at
this time, no matter what?
Mr. VanRoekel. In certain cases, definitely, it would be.
It would be advantageous. But what you have to be careful about
is looking at the--you don't want to just take bad behavior
that is local and move it, that bad behavior, to the cloud. You
should think about, how am I re-architecting these systems? And
that's part of the underlying work we are doing, thinking about
these open architectures and modular design and things that are
going to be evolutionary as well as revolutionary in there.
Ms. Norton. What kinds of agencies are there where it would
be cheaper to stay with a data center than to go to the cloud?
Mr. VanRoekel. In an aggregate world, I don't think it is
cheaper in many cases that they would not be running to the
cloud provider. Where it is more around, do I have the money
today to invest to move that capital expenditure? And I think
the cheapness equation comes in a single-year view, because
that is the way we budget in many agencies, versus the long
year. We often see this with Federal real estate, where it
would be cheaper to buy a new building than rent an expensive
building or things like that, where the capital expenditure to
move is challenging.
Ms. Norton. Thank you, Mr. Chairman. My only concern is, if
these systems are really as old and presumably unreliable as is
implied by this columnist, I really do wonder about
cybersecurity and about investing in cybersecurity in such old
systems only to have to reinvest it when the cloud comes.
Chairman Issa. If the gentlelady would yield?
Ms. Norton. I would be glad to yield to the chairman.
Chairman Issa. Perhaps there is one salient point that you
would appreciate, but 75 percent or so of the budget is spent
on legacy systems, some of them are so internal and can only be
run locally and they are operating on obsolete computers and
obsolete operating systems and they are written in COBOL, they
are written in Fortran, they are not able to process through
the cloud at all. They are pretty much hack-proof. That is the
one good part, is they don't go into cyberspace. Therefore,
they actually----
Ms. Norton. You mean all that hacking is done on only cloud
systems that we read about every other day?
Chairman Issa. Well, I think the gentleman would probably
tell you that some of the systems he looks at do not, in fact,
have a portal for remote access through an Internet-based
process.
Mr. VanRoekel. That is right.
Chairman Issa. That is not the good part. I am just saying,
it is so bad that hackers can't even bother to go back. There
are aren't old enough hackers for it, perhaps.
Ms. Norton. Be grateful for small favors.
Chairman Issa. If the gentleman from Virginia would give me
a dispensation, the gentlelady from Illinois and the gentleman
from--where the heck are you from?
Mr. Pocan. Wisconsin.
Chairman Issa. Wisconsin, Madison, Wisconsin, returned so
promptly, would you mind if I took one of them first?
Mr. Connolly. Go right ahead, Mr. Chairman. I was just
going to say, thank you for making that point, though. Who knew
that actually obsolete and antiquated systems were helping in
the fight against cyberattacks? Thank you.
Chairman Issa. You two figure out which one of you go. The
gentlelady is recognized. Smart move.
Ms. Duckworth. Thank you, Mr. Chairman. So I hope to build
on the bipartisan nature that you have started these hearings
today with.
My question, which is really one coming from a freshman
Democrat who is concerned about a Governor's rights and States'
right. Specifically, 95 percent of our military support to
civilians within the homeland is conducted at the State level
through State active-duty status, which is funded out of State
coffers or Title 32-funded State missions which are Federally
funded. I am concerned about a Governor's ability to command
and control his forces, such as during a natural disaster, if
we defund his State IT network and attempt to replace it with a
Federal solution that may prioritize Federal military missions
over National Guard homeland domestic operations. I am
concerned that building a new Federal solution, such as an IT
backbone, purchase of routers, the like, could be more costly
than continuing to fund existing IT solutions that the States
have already built to meet their specific mission requirements.
Louisiana and New Jersey have very different needs than my
home State of Illinois, although some remain the same. And they
have different commercial IT networks that can be leveraged. I
would like to see Federal and State Governments leverage
existing commercial networks for cost savings wherever possible
rather than pay to build new solutions.
I am also weary of infringing on a Governor's ability to
command his or her National Guard forces. As I see it,
consolidating of IT is a great thing, but it does set up a
tension between the DOD Federal priorities and the State
priorities. You know, it works well to consolidate for Federal
Title 10 mission support, but tends to prioritize the
Governor's National Guard forces below active component for
funds. This low priority threatens the ability of Guard forces
to respond to and coordinate efforts and really for the
Governor to remain in control of his or her State active duty
and Title 32 forces.
So I have two questions and either gentleman can choose to
answer. The first question is this: How does the centralized
Federal IT acquisition process support military operations at
the State level?
And my follow-on question is, are there any safeguards that
would ensure that State IT requirements, missions, such as
under State active duty or Title 32 missions, can be given the
same priority as the Federal forces under Title 10? Thank you.
Chairman Issa. Clearly, the gentlelady is not new to asking
questions.
Mr. VanRoekel. I am not a subject matter expert on the
tactical aspects of technology deployment at the State level.
So especially the second question, I think I would love to take
back for the record and get you a response that is much better
than one I would postulate myself.
But on the first, the military at the State level and
thinking about integrated acquisition at that level, one of the
things I think we do pretty well and are getting much better at
is setting up more centralized requirement gathering. You know,
one of the main challenges we see, both on the Federal side and
the private sector side working with the Federal government to
supply services, is the unpredictability. You know, when we are
unpredictable in our procurement of cloud computing, for
example, prices tend to go up, variability in cyber protection
goes up, and other challenges are presented.
So I will definitely work with the Office of Federal
Procurement Policy and DOD to get you an answer to this. But I
think the essence of this is going to be around not necessarily
just setting up a one-size-fits-all for the entire country, but
more around, you know, how are we coming together as a
community to solve a common mission purpose around a set of
predictable requirements but flexible requirements that allow
variability at the State level, I think is essential.
Ms. Duckworth. And I think it is a very specific case, a
very narrow situation. You rarely have this type of situation
where it is the same unit, entity that has both a Federal and a
State mission. I just want to make sure that we are not
infringing on a Governor's right to control his or her forces
when they are under that State active duty or Title 32 and to
make sure that that is given the same priority by DOD. Because
if DOD gets access or control over the funds, the acquisition
funds for the entire military, including Guard, they will
naturally, I would assume, prioritize Title 10 or active-duty
missions over the equally important State missions. And I just
want to make sure that there is some way to ensure that those
State requirements, as set forth by the Governor, are well
respected.
Mr. VanRoekel. Great.
Chairman Issa. Would the gentlelady yield for just a
second?
Ms. Duckworth. Gladly, sir.
Chairman Issa. When you are answering her question, would
you sort of try to the best extent you can include how we best
leverage, either through this act or other things that you are
currently doing, the dollars being spent federally being made
available, if you will, for cheap or free to the States? In
other words, our procurement falling to their benefit, and
particularly if you look at source code, where a State may
choose to modify the software but they have to be able to get
the software and source code basically at no cost for the
Federal use and then be able to add on their hooks for the
State. And I think that is a big part of what the gentlelady is
speaking about. If you could answer how you envision that, I
think the committee would appreciate it.
Thank you. We now go to the gentleman from Virginia for
five minutes.
Mr. Connolly. Thank you, Mr. Chairman.
I am going to ask three categories of questions. And I am
going to do it as fast as I can. And I ask you to be as fast as
you can.
Process. It seems to me that when you compare it to the
private sector, the Federal process is hopelessly out of date
and not at all suited for this kind of IT procurement. You
know, you have got long lead times. By the time we have figured
out the RFP, we have figured out the contract award process, we
have awarded the contract, we have set the terms, we have dealt
with the protests, the technology has already passed us by. Or
the mission, technologically, has been redefined necessarily.
And we don't seem to be very flexible in addressing that. And
that is to say nothing of the fact that, you know, we have this
stovepipe process all over the place.
The Chairman has pointed out that we have 243 CEOs. That
sounds likes way too many. What could go wrong with that in
terms of accountability, a point of decision making? It seems
almost a system to make sure there is no accountability.
Your comments, both of you, on process?
Mr. Powner. That is a very valid point on the long lead
times. And if you look at many of these large acquisitions, the
time between major milestones sometimes is years. And that is
still the case. I think Steve's comments earlier about modular
development, we need to have the procurement side of the house
align with the technology side of the house. So modular
contracting along with development is clearly where we need to
go so that we can get a bit more modern here in the Federal
government.
When you look at the CIO issue, yeah, there are a lot of
CIOs across the Federal government. The thing we like, and we
have been looking at large-scale IT acquisition problems for
years now at the Government Accountability Office, is having
the Dashboard where you have a single CIO accountable at these
major departments and agencies that allows you to go someplace
and get questions answered. And that actually caused a lot of
problems when the Dashboard was rolled out because there wasn't
a single person to go to and there was a lot of scrambling that
needs to go on to get status. And we are still probably feeling
the effects of that. We like that model where there is a single
CIO, where you have other CIOs, where you figure out the
reporting. That is what is really needed.
Mr. Connolly. Okay. Mr. VanRoekel?
Mr. VanRoekel. I think on your two points, first, the
process on long lead, I couldn't agree more on that is a big
challenge. I think part of solution to this is in existing law
and exists in the realm of myth-busting, where we are
explaining to agencies there are new ways and new approaches of
doing this. The two that are most encouraging to me are, one,
are just flexible contracts, having an open contract where,
when you need a resource and you need a developer to develop
some solution, you need something done, you can call upon them
and bill as you go. We have seen that as a great model.
The second is modular contracting, as Mr. Powner said.
Getting agencies to embrace modularity, smaller deliverables
that can be done in a much faster pace really ups the level of
both quality and agility on their ability to deliver. Joe
Jordan and I delivered just in 2012 modular contracting
guidance for agencies that is new policy around teaching both
the acquisition community and the IT community how to deliver
on modular.
On the number of CIOs, I think from a titling perspective,
we have a lot of CIOs. And I think there are many cases where
there is span-of-control and some government challenges that we
need to get our arms around, thus, the first memo I issued out
of my office that went right to the heart of this.
I think part of the solution to that is, first, getting all
those CIOs out of the job of things that should be centralized
across their agency. You know, having multiple email systems in
an agency doesn't make sense; you should run one. Having
multiple----
Mr. Connolly. When you were at our field forum, I thought
you said that one agency had, like, 36 emails systems?
Mr. VanRoekel. Yeah. Over 20 I think is what I said. And
that same agency, over 1,000 mobile contracts. They now have
one. It is one email system. It is a third of the cost. And the
1,000 mobile contracts went to a few blanket purchase ones,
which is massive. So if you get CIOs at the fringe out of the
business of managing that commodities stuff and more focused on
the mission of their division or their agency or their bureau,
you can really up the quality of the citizen services and the
effectiveness of that agency. And that is part of the magic of
the mix.
Mr. Connolly. I am going to run out of time, so I am not
going to get to all three of the things that I think the
chairman and I are both trying to look at in the legislation,
unless the Chairman wants to be a little generous here. I am
trying to lay some intellectual----
Chairman Issa. Start asking before you run out of time.
I ask unanimous consent the gentleman have an additional
minute. Without objection, so ordered.
Mr. Connolly. I thank the chair.
Tom Davis testified about procurement personnel, that that
is one of our problems, the lack of skill set. Often the person
selling has a higher skill set than the person purchasing. Your
views about that problem in the Federal government?
Mr. VanRoekel. I agree that that is a challenge. You often
have the person doing innovation in an agency, not the person
that also purchases. And there is a divide there.
What we are encouraging--and this is coming straight out of
the Office of Federal Procurement Policy--is, first, is
integrated program teams. Getting those communities' human
capital, acquisitions, IT, finance, and others sitting around
the table, as I mentioned earlier, and getting involved with
integrated acquisition teams on specific projects that are of
high priority is just so essential, to have everyone sitting
around the table.
And the second is IT acquisition cadres, getting areas of
expertise and specialization within agencies that can focus on
certain solutions or certain challenges. You know, negotiating
a very effective mobile contract with a mobile carrier is not
easy and there is some complexity in that. If you have a team
in government that focuses on it and thinks about it, that is a
recipe for success.
Chairman Issa. I think the gentleman.
Mr. Connolly. I thank the chair.
Chairman Issa. We now recognize the gentlelady from Wyoming
for her questions.
Mrs. Lummis. Thank you, Mr. Chairman.
And, Mr. Powner, I apologize if this question has already
been brought up in my absence. But my question is, we know that
agencies are supposed to analyze legacy systems and try to keep
ahead of the technology curve, but we also understand from
GAO's work that many are not doing that.
Can you describe the extent of that problem and perhaps
include in your answer roughly how many billions are being
spent on IT programs for which we have no analysis of where the
agency is on its technology curve?
Mr. Powner. Well, let's just talk about framing how much we
spend on legacy systems. So of the $80 billion, roughly, you
have $55 billion, or 70 percent is being spent on legacy
systems.
There is a very good requirement that OMB has that on an
annual basis each of the legacy systems need to be evaluated.
And, basically, what it asks for is this: Is it continuing to
meet the mission needs? And can it be done in a much more
efficient way? So with the discussion we had prior about going
to the cloud, perhaps we can go to the cloud and do it much
cheaper.
There are also things we can do with back-end systems. If
you really went in and analyzed some of these old archaic
legacy systems, there are tweaks we could do to make that pot
of $55 billion, we could spend that much more efficiently going
forward. Cloud is clearly one way to get there.
What we did is we looked at a small sample. We looked at
five agencies in the review that you are talking about. And
what we saw was, the Department of Homeland Security and Health
and Human Services, they actually had a policy and they were
doing these operational analyses. Now, they weren't doing them
well in all cases, but they had a policy and they were doing
them. We had agencies like DOD, VA, and Treasury, no policy. In
the year that we looked at, they didn't do a single operational
analysis.
So what we found in our little samples, we had about $3
billion in systems that were not evaluated. So that $3 billion
investment, technically, that could have been invested much
more efficiently if we looked at that in the appropriate
manner.
Mrs. Lummis. Thank you.
And a follow-up for Mr. VanRoekel. So knowing that--and I
assume this is not new information to you--knowing that, what
is your plan for all agencies to complete operational analysis?
And when should we expect full compliance? And I say that with
the caveat that we have been waiting for a clean audit from DOD
forever. They have never had one. And so now to hear that DOD
is one of the agencies that has not completed this analysis is
not surprising either. But do you have a plan to get these
people onboard?
Mr. VanRoekel. So it is our expectation that both through
our policy and accountability mechanisms that agencies will
step up. And we have made a lot of improvements, as I think has
been highlighted a little bit here today on IT Dashboard, to
expose some of the areas where we think the quality of the
information that is being submitted isn't there or it is just
lacking altogether.
One of the features that we have added is data quality
reports that actually look at, if a date is unrealistic, if
numbers don't line up, if due dates are too far out, that is
actually now highlighted on the IT Dashboard to build a level
of accountability for these agencies. That, coupled with our
budget guidance, which is putting a lot of pressure on agencies
to really examine these legacy systems, I think are elements of
how we are going to get there.
You know, something I used every day because I was part of
a team that ran a pretty large P&L within the private sector
company I was a part of, was depreciation. You know, we thought
every day about, how do we wind down the things we have done in
the past in order to fund the things going forward?
You know, we used our balance sheet as a strategic tool. In
the public sector, we tend to use the balance sheet just as an
auditing tool, just to check back on how we have done. And a
clean audit is success, versus are we properly managing this
turnover of old and giving to new, stealing from the OPEX
column to give to the CAPEX column. So the budget guidance gets
right to the heart of this, and I think will inspire more
action than actually doing oversight assessments through the IT
Dashboard. By telling agencies you need to cut 10 percent and
you need to take 5 percent of that and put it back into the top
of your priority list, I think we will start to see more
turnover. And definitely from a trending analysis, looking at
where the old system support is going, we are now starting to
see it, which is very encouraging.
Mrs. Lummis. And, Mr. Chairman, one more question.
For either of you, have you seen a State that represents
the best practice among States in getting a handle on these
same issues? I know in my State, I was in all three branches of
State government during different times in my life. And in
every branch of State government, we struggled with these very
issues, especially in the executive branch.
So is there a State that is the leader in this that even
the Federal government could look to for some streamlining?
Chairman Issa. If you say Wyoming, you will get a lot of
points here. Illinois will work, too. Southern California.
Mr. Powner. I don't know if I can point to one State, but I
will say this, because we do a lot of work with the National
Association of State CIOs. And I think when you look at the
budget situation in a number of States across the country, they
were forced to consolidate data centers. They had no choice.
Things were getting cut and they needed to find ways to lower
their overall budgets.
So there are a number of states that I am aware of through
the National Association of State CIOs, but they face very
similar problems. They are trying to put in place Dashboards so
they get better performance on their large acquisitions. But I
do think you will see many success stories at the State level
on data center consolidation.
Mr. VanRoekel. And the other thing we are seeing at the
State level is groups of States now getting together and saying
let's create a regional authority to look at sharing
procurement, sharing technology, and sharing other things. And
that has been very successful as well.
Chairman Issa. Excellent.
Mr. Pocan?
Mrs. Lummis. Thank you, Mr. Chairman. I yield back.
Chairman Issa. I would say so.
Mr. Pocan. Thank you, Mr. Chairman. And thank you,
gentlemen.
I am going just going to ask one question and then I am
going to try to yield my time back to Mr. Connolly so he can
get his third question in.
Mr. Powner, I know there has been some progress made in
consolidating data centers, but your GAO report highlighted
that many agencies have failed to produce complete data center
inventories and plans and the vast majority even the basic
requirements, such as schedules and cost estimates. And that
without these plans and inventory there is a lack of
consistency among agencies, it is difficult to summarize
projections. I was just wondering, based on your research, why
are so many agencies failing to complete these requirements?
Mr. Powner. So a couple comments here. We looked two
periods of time looking at data center consolidation
inventories and plans. And you are right, the last time we
looked, the last we reported, there were three agencies that
had complete inventories, that was SSA, HUD, and National
Science Foundation. And then only one agency had a complete
plan when you look at the requirements that were laid out by
OMB, and that was the Department of Commerce.
Some agencies, like DOD, really struggle to get their arms
around their inventories. It is somewhat expected. But our
point is that you need to keep on, on the task, make sure that
you identify all those centers that are out there so that you
can look to optimize, consolidate, and ultimately save money.
There has been a lot of good work. I mean, we now know
there are almost 3,000 data centers across the Federal
government. There has been this goal to close about 1,200 of
them. Ultimately, you want to get to a point where you get away
from the inventories and plans and you get down to the action
on actual optimization and consolidation. And that is really
what we are looking with our recommendations going forward.
With sound baselines, that is clear. But ultimately, it is
about the actions. And that is why I say when you look at the
ultimate performance metric on data center consolidation,
whether you are talking consolidation, optimization, it is
dollar savings. And if DOD says there is $2.2 billion, there is
probably more than that. And I think the estimate of $3 billion
that OMB has, it is likely more than that also.
Mr. Pocan. Thank you. And then I would just like to yield
my time to Mr. Connolly.
Mr. Connolly. I thank my colleague.
And the third set of questions I wanted to ask, again
referring to the testimony of our former colleague, the
chairman former chairman of this committee, Tom Davis, he
talked about how budgets matter, especially when we put
ourselves on a continuing resolution. He actually said it
stifles innovation, it sets us back in terms of thoughtful
Federal IT procurement.
I want to give you both an opportunity to comment on that,
your views about that.
Mr. VanRoekel. When I was in the private sector
implementing solutions in technology or even building products,
about 2 days after the beginning of the fiscal year we would
get our full year budget. And of course we had to make
adjustments based on quarterly returns and things, since we
were a large enough division to affect the stock price and
other parts of the balance sheet.
But in large part, we were able to predict, you know, not
only what our operating budget was that year, but based on
certain other parameters we could make investments that were
around solutions that were going out into out years. I could
say I am going to incubate a product, I am going build it, and
it is going to take 4 years to do it, but it is going to have
this much ROI at the end of that.
In the Federal government, we often face a situation where
we get to back-to-back CRs or other elements where the money
that is budgeted is allocated so late in the fiscal year that
you have 2 to 3 months, if that, often to not only procure what
you are hoping to procure once you know the money you have, but
then try to implement and get things done in time. And that is
a real limiter on the ability to drive innovation and a long-
term view of where you could go with some of this. We have seen
capital budgeting and some other things in government be
helpful in that area.
Mr. Connolly. Mr. Powner?
Mr. Powner. Well, in addition to innovation, I know I do
work specifically on weather satellites. And there has been
situations where with the weather satellites, they are very
important, you look at polar-orbiting satellites in this
country, they were essential to predicting the Sandy
superstorm. That was a real success story in terms of the
accuracy of when that storm hit. It was spot-on, due to these
weather satellites. And I know the current acquisition on those
satellites has been affected in a negative way due to some CRs.
Mr. Connolly. Well, I thank you both very much. I do think
it is other constraint we have to look at in terms of our own
process in Congress and how, perhaps unwittingly, we contribute
to some of the problems in the whole process of Federal IT
procurement. Thank you both so much.
Thank you, Mr. Chairman, and I thank my colleague.
Chairman Issa. Thank you. Would the gentleman further
yield? Thank you. I just want to have something answered for
the record.
This committee took a keen interest under both Mr. Waxman
and Mr. Davis in the failures of FTS 2000, the
telecommunications modernization. At least at the last time
that we had a hearing, what we found was that agencies had
simply refused--they didn't say refused--but never implemented
the cost savings that came with modernization.
We now have, it has now been renamed in that 2009 networks.
And many agencies are still struggling to, if you will, take
advantage of cost savings of buying better telecommunications
for less. And as we talk about the cloud, obviously, if you
don't have a low-cost, high-speed Internet connection, you are
going to also resist the cloud.
So could you, there is no time left right now, but either
at the end or in writing, if you would answer on your vision of
where we go there, because, tangentially, it is part of the
problem.
Chairman Issa. With that we recognize the gentleman from
Tennessee, Mr. Duncan.
Mr. Duncan. Thank you very much, Mr. Chairman. And it seems
to me that this is a pretty important subject, and I appreciate
your calling this hearing. And I think almost every member
should be upset or should be at least concerned if they would
read what was in our committee memorandum. And it says,
``Despite spending more than $600 billion over the past decade,
too often Federal IT budgets ran over budget, behind schedule,
or never deliver on the promised solution.'' And it says,
``Some industry experts have estimated that as much as 70
percent of new Federal IT acquisitions fail or require re-
baselining''--70 percent. I mean, that is almost a shocking
figure that I don't think we would accept in almost any other
field.
Just a week and a half ago, I read in the New York Times a
story that said that conversion to electronic health records
has failed so far to produce the hoped-for savings in the
healthcare costs and has had mixed results, at best, and said
optimistic predictions by RAND in 2005 helped drive explosive
growth in the electronics records industry. And yet today it
says this 2005 report that helped lead to all this explosion in
the technical equipment for the Federal government was paid for
by a group of companies, including General Electric and Cerner
Corporation, that have profited by developing all this
equipment.
And so often in other committees I have heard, whenever a
government agency messes up they always say one of two things
or both. They say they are underfunded or their technology is
outmoded or out of date. And yet the technology in the Federal
government is usually much newer than anything that most of the
private sector has.
And I was thinking about this a few minutes ago, and I
thought back to something that former Governor Rendell, when he
was mayor of Philadelphia many years ago, he was having trouble
with city employee unions. And he testified in front of the
House Ways and Means Committee and he said that government does
not work because it was not designed to. He said, there is no
incentive for people to work hard, so many do not, there is no
incentive for people to save money, so much of it is
squandered.
And what I keep seeing in this, the only people who really
understand this subject are techies who want us to buy all the
newest and latest equipment and all the bells and whistles even
though we really can't afford it and it is not cost effective
it is not producing the results that we are paying for.
And so I guess the only real question I have is, can either
of you think of any way that we could put more good Federal
employees, since the money to buy all this new equipment and
spend all these mega-billions each year is not coming out their
pockets. So they don't really have any incentive or any
pressure to hold these down costs or not buy new equipment
every year or every other year.
Is there some way that we can get some incentives or
pressures to do better? I mean, surely we sure need to do
better in this area.
Mr. VanRoekel. I very much agree. And I am in my job now
largely because of that fact. And I think we are able to have
much of the conversation. You were able to cite some of the
statistics you were in your comments because we are making
progress in these areas.
The accountability mechanism of the IT Dashboard, the
ability for us to put a public-facing Web site up that says,
here is what we are doing in government and IT, here is where
people are implementing certain technologies, here is what is
happening, down to a very granular level with new features
being added to that all the time is creating a really
interesting dynamic of accountability relative to the delivery
against those Federal projects and priorities.
I think that is part of the equation. I also think we need
to change the way we do business inside government. The way we
build solutions is a very mid-20th-century, mid- to late 20th-
century kind of view, where in the 21st century we have a much
different model of building solutions.
When I was building products at Microsoft, I wouldn't have
thought to take a government-like approach to anything. It was
all about speed and modularity and the ability to build in a
very fast way high-quality outcomes. And in the government,
that hasn't been the norm, to your comments. And I think we
have the ability to change that through good policy, which we
are implementing now.
Mr. Duncan. All right. Mr. Powner? You see my point? I
mean, I own two cars; one is a 2003 and one is a 2006. But if
somebody else was paying for it, I might be out there trying to
get one that has got better, newer equipment. And I think that
is the problem.
Mr. Powner. I do agree with Steve's comments about the
Dashboard. I think the accountability through the Dashboard,
where you have someone who is responsible for those investments
and if they are not being delivered appropriately, there needs
to be accountability. Someone needs to be able for answer to
that. Because there is a lot of dollars. We are talking about
$80 billion we spend here.
To give you an example, in the report, my written
statement, we did a report looking at successful IT
acquisitions. So we went to the top 10 spenders and we said,
give us one example of a success story where something was
delivered, it is in operations, users are using it, and it was
somewhere in the ballpark of cost and schedule. And there are
seven examples, seven agencies gave us one. And that includes
DOD. And you can read about those projects in there.
But there were three agencies couldn't give us
one. Three agencies could not give us one success story of
a mission-critical system that was delivered recently. That is
sad and someone should be held accountable for that, if we are
spending $4 billion, $5 billion, $6 billion at these agencies
and they can't give you one success story.
Mr. Duncan. Maybe we should come up with some bonus
programs for Federal employees who save us money in this area
in some way.
Thank you very much.
Chairman Issa. I thank the gentleman.
For the record, would you mind doing some quick research on
the three agencies that couldn't give you any examples and find
out whether they had contracts that paid bonuses and whether or
not employees received bonuses for overseeing those contracts
that they couldn't give you, to the extent that you can?
As we close, this committee has taken note in the past of
FedRAMP, something your predecessor began. We thought and still
believe that it shows great promise. My understanding is, to
date, we don't have, out of the five tests, if you will, up-
and-running sites that can be sold, that are FISMA compliant,
that can be sold across the government. If you would answer for
the record your vision of how you get from zero to five or more
and any other information you'd like to give us, that will
probably be a follow-up hearing.
Mr. VanRoekel. Yes, sir. We are actually at one right now,
as of the last couple of----
Chairman Issa. Conditional or provisional.
Mr. VanRoekel. Authority to operate, yes.
Chairman Issa. I understood they were provisional in some
way. Is that just a term?
Mr. VanRoekel. No, we have one vendor that does have an
official authority to operate.
Chairman Issa. Okay. So there is one to sell.
Mr. VanRoekel. That is right. And we have 78 in the
pipeline behind them. And we are processing through the
pipeline right now those 78. So you will start to see more and
more coming online in short order.
Chairman Issa. Excellent.
Mr. VanRoekel. And we expect 2013 will be a big year for
getting vendors online with FedRAMP.
Chairman Issa. Okay. Well I appreciate that. That is a why
where we'd like to have a good news story.
I would like thank our panel. You have been very patient
through the votes.
And with that, we will set up for the next panel.
We now welcome our third panel, beginning with Mr. Douglas
Bourgeois. He is vice president and chief cloud executive at
VMware, spoken about earlier as an entity that allows us to
leverage multiple operating activities on a single piece of
hardware.
Mr. Michael Klayko is the former CEO and current advisor to
Brocade Communication Systems, Inc.
And Mr. Chris Niehaus is the director of Microsoft U.S.
Office of Civic Innovations, meaning, you are bringing us what
is good and modern, something we were talking about wanting in
the last panel.
Again, you saw this earlier. Pursuant to the committee
rules, would you please rise to take the oath and raise your
right hands.
Do you solemnly swear or affirm the testimony you are about
to give will be the truth, the whole truth, and nothing but the
truth?
Let the record indicate that all three witnesses answered
in the affirmative.
Again, as the previous panel, we would ask you to please do
your best to limit to 5 minutes, and we will do the same.
Mr. Bourgeois?
STATEMENT OF DOUGLAS BOURGEOIS
Mr. Bourgeois. Thank you. Chairman Issa, Ranking Member
Cummings, and members of the committee, thank you for this
opportunity to discuss how the Federal government can reform
its information technology investment strategy. Technology has
always evolved rapidly, and that rate has accelerated to a pace
that we have never seen before. Unfortunately, the government's
methods for the acquisition and utilization of IT have not
evolved in a manner that keeps pace with this innovation.
We believe that there are three fundamental challenges that
should be addressed for the government to effectively leverage
advancements in technology. These are complexity, expertise,
and culture.
The IT acquisition environment is too complex. Advances in
technology, such as virtualization and cloud computing, have
rapidly accelerated the delivery of IT resources and made
organizations more agile. Technology resources that once would
have taken weeks, if not months to deploy can be carried out in
a matter of minutes. By leveraging such dynamic capabilities,
organizations are able to respond very rapidly to changing
market conditions without making substantial capital
investments in technology. But the IT acquisition process in
the Federal government still moves at glacial speed.
In addition, these innovative technologies have turned a
significant amount of IT products and services into
commodities. The government should acquire these commodity
technologies using performance-based contracting methods that
address the longstanding tendency of the government to over-
specify their requirements. Furthermore, the use of
performance-based contracting methods, such as share and
savings contracts, would also lower the risk of underperforming
IT acquisitions and increase accountability for vendors.
Another way to simplify IT acquisitions is to simplify the
overall IT environment within which IT products and services
operate. Thus, the Federal government should continue with the
efforts to consolidate and reduce the number of data centers
government-wide. But the consolidation effort should not stop
there. Other simplification tactics, such as virtualization of
the networks and desktops, as well as the elimination of
duplication of applications would drive further savings across
the government.
The high degree of complexity in both the acquisition
environment and the data centers throughout the government puts
a tremendous strain on the workforce. In addition, studies have
shown how the shear volume of Federal acquisitions has grown in
recent years. At the same time, the staffing level of
acquisition professionals has not kept pace with the growth.
Let me be clear in saying that while the growth itself is
an issue, it is not the only issue. Existing efforts to
increase the expertise of the IT acquisition workforce, such as
the use of cadres and certification programs, should be
expanded. The increased use of intern programs, perhaps in
partnership with universities, and IT specializations should be
established.
However, the IT acquisition workforce isn't the only area
where additional expertise is required. Certain technical
resources within IT organizations should also be trained and
certified to develop the necessary level of expertise in
critical technologies. As we have heard in the testimony
previous hearing, that if the government staff that don't have
the level of expertise as the contractors do, then there are
going to be problems that occur as a result.
The third and final area in need of change is the culture.
The decentralized approach to IT acquisition across the
government has created a culture that is detrimental to
performance and efficiency. The highly distributed approach
also makes it difficult to gather data for analysis and
transparency. This overall culture needs to become more
centralized with areas of IT specialization to improve
efficiency. Acquisition centers need to become more services-
based with built-in incentives for performance and
accountability. For example, IT acquisition centers should
publish commitments to customers that clearly specify the
timeliness and other performance criteria in advance.
Contracting tools are also duplicated and inefficient. A
collaborative tool should be developed to foster more efficient
handling of complex acquisition material, to track the
responsiveness of program and acquisition professionals, and to
increase transparency.
But the acquisition culture isn't the only one that needs
to change. As the transition to cloud computing continues, IT
organizations also need to transform to an IT-as-a-service
model as well. Government CIOs must be in position to
effectively carry out the responsibilities as the role of the
IT organization changes to be more of a broker of service
options.
For this reason, I strongly support strengthening the role
and authority of agency-level CIOs to reflect the intent and
requirements of the Clinger-Cohen Act. I also suggest that the
structure of the IT budget needs to evolve to be more
compatible with the industry trend away from capital
investments and towards operating expenses.
In closing, we commend the leadership of the current and
previous Federal CIOs to set the right course for Federal
government. The journey to IT as a service has already begun
through the consolidation of data centers and cloud first
policy. In order to continue making progress, the methods for
the acquisition and management of IT resources needs to evolve.
Specifically, changes need to be made to address the changes of
complexity, expertise, and culture.
We thank you for the opportunity to participate in this
hearing today on this very important matter.
Chairman Issa. Thank you.
[The statement of Mr. Bourgeois follows:]
[GRAPHIC] [TIFF OMITTED] 79790.034
[GRAPHIC] [TIFF OMITTED] 79790.035
[GRAPHIC] [TIFF OMITTED] 79790.036
[GRAPHIC] [TIFF OMITTED] 79790.037
[GRAPHIC] [TIFF OMITTED] 79790.038
[GRAPHIC] [TIFF OMITTED] 79790.039
[GRAPHIC] [TIFF OMITTED] 79790.040
[GRAPHIC] [TIFF OMITTED] 79790.041
[GRAPHIC] [TIFF OMITTED] 79790.042
[GRAPHIC] [TIFF OMITTED] 79790.043
[GRAPHIC] [TIFF OMITTED] 79790.044
[GRAPHIC] [TIFF OMITTED] 79790.045
[GRAPHIC] [TIFF OMITTED] 79790.046
Chairman Issa. Mr. Klayko, I understand that you have a
flight to catch?
Mr. Klayko. There will be another one.
Chairman Issa. There will be another one.
Mr. Klayko. There will be another flight. This is too
important.
Chairman Issa. Thank you. I certainly appreciate it. You
are recognized.
STATEMENT OF MICHAEL KLAYKO
Mr. Klayko. Good afternoon. I, too, would like to thank
you, Chairman Issa and Ranking Member Cummings, for this
opportunity to present testimony in today's hearing, for your
great work you are doing to reduce waste in Federal information
technology spending. I say this as a business leader and an
American taxpayer. It is a privilege to be here, so I want to
thank you for that.
I served as the CEO of Brocade Communications from 2005
until last week, where the company announced a new CEO. I
announced my intention to resign as CEO in August of 2012. And
I have been an employee and advisor to the company during this
transition period.
I have also had the opportunity to visit Washington, D.C.,
many times a year as the CEO of Brocade, a well as the former
chairman of Silicon Valley Leadership Group, which is an
organization of 395 member companies representing Silicon
Valley's largest companies. As the chairman of that group,
collectively we employ 1.6 million Americans and have a market
cap of about $2 trillion. So I am honored to speak with you
today not just representing my company but the people also in
the valley. I hope with my experience that I have had in the
past since being in technology since 1975, I can share some of
the things that have been of interest to us that should be of
interest to you.
I would also like to share Brocade's experience with the
way Federal government acquires IT equipment and services. My
perspective is that of the CEO chartered with managing the
growth of a company. Brocade is a true Silicon Valley startup:
Four guys, a keg of beer, and an idea, and a dog in 1995. And
now 2-plus billion dollars, we compete on a world stage. I
truly believe we are an American treasure as we face fierce
competition everywhere we go and we win. We sell about $250
million a year annually of network technology to the Federal
government, and they are the backbone of the Nation's critical
infrastructure.
Some of the challenges we see today are outlined,
obviously. But when Federal agencies rely on a single OEM, or
original equipment manufacturer for IT solutions like
networking, server, storage technology, and the like, it
creates situations where the majority of the spending goes to
supporting legacy environments. Those legacy environments in
equipment, operations and maintenance. This is wasteful, denies
Federal agencies the benefits that come from more competitive
and innovative environments.
One common practice that we have observed in Federal IT
procurement is the use of brand name or equivalent
requirements. I want to be clear. There are many situations
where you need to specify a particular product or brand. In
those case, sole-source justification can be made when no other
technology is available to meet the requirements.
But I am not talking about those cases. Instead, I will
focus on the cases where Federal procurement purchasing
organizations use brand name requirements in requests for
proposals, request for quote, technical reference models. An
example, device is listed by name and part number, example, ABC
Router 2000, to signal the type of technology being sought in
the bid and it is followed by the phrase ``or equivalent.''
Brand name or equivalent requirements incorporates all the
features and function of a particular brand product, however,
all these specific features and functions may not actually be
needed by the agency to meet the mission, therefore putting the
agency in a position for paying for features and functionality
that are not necessary.
Systems integrators see brand name or equivalent
requirements and they don't want to use non-ABC products in
their bids. First, they are concerned that the technical
committee will reject the proposal if the package does not
include the specific ABC product, therefore eliminating them
from the opportunity to secure a bid. They are also concerned
with the extra time and effort needed on their part of the
technical committee evaluation.
And second, many Federal contracts have specific delivery
dates and they fear that testing an alternative solution may
cause a delay in the project, thus eliminating them as a
possible provider of an alternative solution.
In the purchase of information technology, this creates a
perception of bias and limits the technology that integrators
and value-added resellers can provide and will provide. The
combination of these proprietary features of the brand, the
bias created, and the fear of losing dramatically limits the
available alternatives and hampers the ability of government
contracting officials to fairly evaluate solutions.
Ultimately, depending on a single OEM for a majority of any
IT solution increases the cost in two important ways: Limiting
competition, missing out on innovation.
So there are options that can be considered, such as open
industry standards. When acquiring IT equipment and services,
Federal agencies should seek out features, functions, and
capabilities relying on open industry standards to maximize
competition and innovation. We hope that you will continue to
support that.
I have many examples that I would like to share in a
question-and-answer session. But I would like to thank you for
this testimony today. Look forward to questions and continued
discussion.
Chairman Issa. Thank you.
[The statement of Mr. Klayko follows:]
[GRAPHIC] [TIFF OMITTED] 79790.047
[GRAPHIC] [TIFF OMITTED] 79790.048
[GRAPHIC] [TIFF OMITTED] 79790.049
[GRAPHIC] [TIFF OMITTED] 79790.050
[GRAPHIC] [TIFF OMITTED] 79790.051
[GRAPHIC] [TIFF OMITTED] 79790.052
Chairman Issa. Mr. Niehaus?
STATEMENT OF CHRIS NIEHAUS
Mr. Niehaus. Chairman Issa, Ranking Member Cummings, and
distinguished members of the committee, good afternoon. My name
is Chris Niehaus, and I appreciate the opportunity to discuss
the government's IT investment strategy.
I am the director of Microsoft's U.S. Office of Civic
Innovation, and my team focuses on delivering innovative
solutions to government customers. I hope Microsoft's extensive
experience helping public and private sector customers around
the world will help this committee.
Microsoft supports the committee's goals of reducing the
cost of legacy systems, decreasing duplication, utilizing cost-
effective commercial technologies, and maximizing best value.
Our experience has taught us three lessons that support these
goals. Number one, agencies can reduce IT costs by not only
reforming how they buy IT, but also by more effectively
assessing and management existing assets. Number two,
successful IT solutions result when the private sector
collaborates with government to provide commercial devices and
services to meet agency missions. And number three, the
government gets the best value when it uses full and open
competition and clear, mission-focused requirements.
As to the first lesson, to reduce IT costs, GAO reports
confirm that better management of existing assets is just as
important as reforming the acquisition process. A great way to
improve IT asset management is making the OMB-recommended
operational assessments and inventories mandatory for CIOs and
requiring them to analyze existing assets, needs, and new
technologies when starting major IT acquisitions.
An instructive lesson from the private sector is that
problems are best solved closest to the mission, which is the
case would mean keeping reform efforts at the agency CIO level.
We in industry can help with IT asset management. Gartner
studies show that agencies can lower total costs of ownership,
up to $2,500 per year, per desktop, simply by better managing
technologies they already own. They can further lower costs up
to an additional 30 percent by using virtualization
technologies to move certain applications and desktop
functions, like Microsoft Office, to the cloud. Agency CIOs
tell us that they favor the flexibility of cloud-based delivery
because it helps them move their IT investments from rigid
capital budgets to operating expenses. And industry can also
agencies consolidate resources where appropriate. For example,
the Microsoft Joint Enterprise Licensing Agreement, or JELA,
recently signed with the Army, Air Force, and DISA addresses
common needs of each licensee while still addressing unique DOD
security requirements.
As to the second lesson, agencies can buy more cost
effectively by making smarter use of commercial IT, which costs
less and often performs better than custom IT. The key is close
and early collaboration among agency CIOs, procurement
officers, and industry beginning when the government first
starts developing requirements so that it can better understand
commercial market capabilities and avoid the familiar problem
of drafting requirements behind closed doors and hoping that
the market will deliver.
As an example of strong collaboration, we are working with
the Air Force to determine how Microsoft's Xbox Kinect, a
motion-sensing game controller that costs about $110, can be
used to serve as a rehabilitation tool for wounded warriors.
Such creative and agile collaboration would be less possible if
the government went back to centralized government-wide IT
acquisition models.
Similarly, it would make it harder for the government to
get the best that the commercial marketplace has to offer by
adopting new acquisition structures focused on so-called
commodity IT. In my experience, the term commodity IT is not
used in the commercial market. Not even something as ubiquitous
as email is treated as a commodity. The recent GSA email-as-a-
service blanket purchase agreements, or BPAs, distinguish seven
different types of cloud email, depending on security and other
requirements. Moreover, unlike pencils, paper, and other true
commodities, agency missions and information technologies never
stop evolving.
And as to the third lesson, best value means more than
simply lowest initial cost. Rather, agency CIOs should be
required to make best-value determinations in a technology-
neutral fashion, avoiding preferences for any particular
license model and using a set of core factors, including total
cost of ownership, security, privacy, accessibility, record
integrity, data portability, and openness of standards.
Agency CIOs should also be empowered to prioritize among
these factors based upon the mission being supported. When
agencies are clear about which factors will be prioritized and
what requirements must be met, industry can and must be equally
transparent about how our devices and services satisfy the
government's requirements.
In conclusion, Microsoft looks forward to working with
Congress in this critically important area. Together, I am
confident we can provide IT solutions that will maximize best
value and decrease total cost of IT ownership across agencies.
I thank you and look forward to answering your questions.
Chairman Issa. Thank you.
[The statement of Mr. Niehaus follows:]
[GRAPHIC] [TIFF OMITTED] 79790.053
[GRAPHIC] [TIFF OMITTED] 79790.054
[GRAPHIC] [TIFF OMITTED] 79790.055
[GRAPHIC] [TIFF OMITTED] 79790.056
[GRAPHIC] [TIFF OMITTED] 79790.057
[GRAPHIC] [TIFF OMITTED] 79790.058
[GRAPHIC] [TIFF OMITTED] 79790.059
[GRAPHIC] [TIFF OMITTED] 79790.060
[GRAPHIC] [TIFF OMITTED] 79790.061
[GRAPHIC] [TIFF OMITTED] 79790.062
Chairman Issa. I will recognize myself.
Mr. Niehaus, your statement, I got a little confused on, so
let me see if we can straighten it out. I understand that
government always starts off asking for COTS when they are told
to and then distorts and mangles it to where no one would
recognize it as commercial off-the-shelf. Is that what you are
sort of saying?
Mr. Niehaus. Mr. Chairman, we fully embrace and support the
term COTS, commercial off-the-shelf software.
Chairman Issa. But I guess my questions is, are you saying
there no such thing as COTS----
Mr. Niehaus. No.
Chairman Issa. --because there shouldn't be or there is no
such thing as COTS because the--particularly DOD as an
example--is used to abusing the process of starting with COTS
and then demanding changes that make it unique such that in
your opening statement you even mention that DOD when using
highly commercial software had to de-conflict within DOD with
different security requirements?
Mr. Niehaus. Mr. Chairman, the term COTS we fully support
in industry. The term commodity IT we do not see as an
interchangeable definition for COTS. We believe that that term
is--we do not see that in the private sector today----
Chairman Issa. Okay. But let me follow up, because this is
really the essence of what you said, and then I want to get to
the other witnesses. Email is a commodity, isn't it?
Mr. Niehaus. I don't believe that, Mr. Chairman.
Chairman Issa. Okay.
Mr. Niehaus. I believe email, for example, under the GSA
BPA, there were seven different lots awarded for that based off
of different requirements. And there were very few vendors that
were able to satisfy all of those lots under that agreement. A
true commodity would be able to support all of them equally.
Chairman Issa. I think what makes me snicker just a little
bit is, in the private sector, to the business world, and one
time a few years ago I was over in the committee next door and
I dispassionately implied that Lotus Notes didn't exist anymore
and I was quickly told that the White House was still using it,
basically, and spending a lot of money on it. And IBM made it
very clear that they still had a thriving business in legacy
software, because some lawyers hadn't given up on it and,
therefore, we were spending millions to maintain it.
Let's go back again. At any given time, things like email,
Microsoft being a market leader in it, Google, obviously,
having a market share and a few others, in the private sector,
to the gentleman sitting next to you, if I asked him if that
was a commodity in his business, would he say yes or no?
Mr. Niehaus. The question is directed to me?
Chairman Issa. I am asking you. I will get to Mr. Klayko.
Mr. Niehaus. I would say that by definition it is not a
commodity.
Chairman Issa. I am not trying to mistreat you, but I want
to represent the time. Mr. Klayko, I am taking a big risk here.
In the private sector, to CEOs at businesses, do you view it as
a commodity that you buy what meets your needs, or that you
feel you have to design your own email system around your
company's culture?
Mr. Klayko. We buy what is available.
Chairman Issa. Now, I am going to chance that the VMware
model is you don't make up your own email, is that right?
Mr. Bourgeois. That is correct. And you, Mr. Chairman,
demonstrated an understanding of our core technology and how it
fits into the scheme of consolidation. But on the matter I
would say two quick things. One, call it what you want, but an
x-86 server with a certain amount of memory and a certain
amount of CPU is exactly the same as another one that has the
same capability and capacity. And so whether you would call it
commodity or not, there is a certain degree, and because
technology is evolving rapidly more and more every day of
capabilities that are essentially not important to the overall
solution and could be automated and carried out in a very rapid
fashion.
Chairman Issa. And doesn't your company basically process
that processing power and say, if I am going to have a bigger
machine, I am going to have 12 different operating systems on
it, or four, because I want to leverage the maximum efficiency
of both the CPU and the DASD.
Mr. Bourgeois. And that is the second point I was going to
go to. So the first point is that the technology exists to be
able to pool the resources together and share them among many
different applications, which, as the previous panel described,
that there is a tendency of legacy in the industry to keep
things vertical and siloed, which drives up the cost structure.
And the second shift is away from an operating system-centric
approach to applications and solutions to a more cloud or
virtual data center-centric approach, and that in itself lends
itself to an increasing uniformity of the solution, so that the
overall underlying components don't matter as much.
Chairman Issa. And, Mr. Niehaus, I just want you to
understand, I am not disagreeing with you that government finds
a way to make nothing COTS and nothing commercial, but when the
GSA went out for emails, every email system that they found
acceptable happened to be commercial off-the-shelf. So the
commodities were in fact different flavors of branded product.
Mr. Niehaus. Correct. I want to be clear, Mr. Chairman,
that I am not disputing commercial off-the-shelf software is
valuable and ideal for government. The term commodity is not a
phrase that I experience in the private sector. And so without
more clear definition, and if commodity means commercial off-
the-shelf software, then that certainly is a discussion we
should have.
Chairman Issa. I appreciate that, and if I could have an
additional minute.
Mr. Klayko, I want to follow up with you and finally. I am
very sensitive of the fact that before I came here I had the
honor of serving as chairman of the Consumer Electronics
Association and I was on the board of EIA. Should the
government make a concerted effort to reach out to standards
organizations and leverage them instead of saying, I want to D-
Link 24-port switch or equivalent. Is that really where we need
to get out of this lazy tendency to say this would work or
equivalent and say, what is the standard and can we leverage
organizations in which maybe all these companies belong to have
a common statement?
Mr. Klayko. I think it would go a long way with simplifying
the procurement process, the deployment process, the
manageability. If you deploy to open standards you can take
advantage of the innovation as it comes along over time. I have
heard lots of facts and figures today, and as a taxpayer, I
have to be honest, my hands were sweating. Some of the
statements were appalling. I will just go on record. And we
know that these are issues. We ought to try to address them.
Open standards will not fix all of them, but it goes a long
way, because you put a baseline and it actually encourages
competition and innovation. Competition and innovation, as you
know, encourages better price performance.
Chairman Issa. Thank you.
And I now recognize the ranking member, and thank you for
your indulgence.
Mr. Cummings. Oh, no problem.
You all heard the testimony earlier with regard to
personnel in government, people being sophisticated, that kind
of thing, problems that you heard about earlier in the second
panel. I am just wondering, did you have any comments on those,
such as it seems to be a--you know, I sat here and I said to
myself they sounds like it is too big to be successful. And I
am just curious, do you have any comments? That is, our whole
government IT situation. Any comments?
Mr. Klayko. I will take a swing at it.
Mr. Cummings. Yes, take a swing.
Mr. Klayko. It is a pretty big question, pretty broad. I
think you have to continue and invest in people at the end of
the day. There are various aspects of technology deployment. I
am a very big believer in people. I think there is a myth that
all the private sector gets all the smart people. I think that
is a myth. The fact of the matter, I think there is equally
number of smart, intelligent, as well as highly trained people
in the government.
I compete very rigorously for people in the technology
world. In Silicon Valley is vicious. It got to a certain point
where I couldn't find enough people, so what I ended up doing,
I created my own university where I had to get people in and I
had to train them because you can't continue to steal from each
other so you have to go ahead and change that formula.
I think we can do that in the government also. I think the
quality of the people are fine. The people that want to be here
are here. The issue is you have to give them the tools and you
have to retool them like any other. You don't drive a car
100,000 miles without changing the oil a few times and putting
a few other maintenance items in. I think that is no different
than the people.
Mr. Bourgeois. Thank you. Obviously, you heard in my
opening statement that I believe that a continued investment in
people, both on the acquisition side and on the IT side, is an
absolute necessity. But make no mistake, as you point out, the
problem is larger than the people. The culture needs to evolve
as well, and that includes the culture in the programs that
tend to have a lot of IT money that is made in many cases
outside of the purview of the CIO, and then the culture in the
CIO organization themselves, in particular with how the
organization is empowered to carry out the full IT mission and
responsibilities of the agency.
So your point is well taken. But if the culture can evolve
and the additional investment in the training of the workforce
continues, and some other techniques which I consider under the
culture of modularization, as we heard Mr. VanRoekel testify,
and much smaller deliverables happening much faster but working
in succession towards an overall goal, which, by the way, is a
mission goal, not an IT goal, then I do believe that the
problem can be--there can be success in spite of the challenge.
Mr. Cummings. You can imagine when taxpayers hear the kind
of figures we have heard here today and to hear the failures,
they got to get upset. And then what happens is that they then
say, you know, government can't do things right. And some kind
of way we have to rightsize--I mean, we have to figure out ways
to make sure. That is why I was asking the panel earlier about
when you get people who are doing things the right way, how do
you encourage that and how do you spread it around? Because
people have to have faith in their government. And that is so
important. And when you hear these kind of figures like Mr.
Duncan was saying, it gets to be I am sure for some very
discouraging. That is why I was wondering if this thing is so
big that we can't control it?
Mr. Niehaus. Well, the prior witnesses really hit on a
point that resonates with my experience across public sector
and even in private sector that an empowered CIO that is given
a clear swim lane, a set of responsibilities, authority and
accountability can make great things happen.
The examples that were cited about the VA, for example, we
recently renewed a very ambitious and creative agreement with
them and have won the opportunity to take them to the cloud for
their email. That was done by an empowered CIO. Also we commend
when CIOs across agencies like the Army and the Air Force and
DISA can come together and agree on shared requirements and
have the authority to make those decisions, they can do great
things.
Mr. Cummings. Were you all surprised when Mr. Powner said
that he asked for operations that were functioning properly,
seven agencies, and I think he said three of them couldn't name
any. I mean, did that surprise any of you all? Hello?
Mr. Klayko. I would say I don't know what the metrics are,
and so I think part of that comes back, there is probably an
expectation that comes back. I believe you can't manage
anything if you don't have metrics associated with it, so I
don't know what the metrics they were going. Because I can
actually hear the same people say they are perfect. So it
depends on what the metrics they are looking at.
Mr. Cummings. So your university, I mean, I assume you
invest quite a bit in that university. And what does
``university'' mean?
Mr. Klayko. We teach kids what they don't learn in college.
They get book smart in college but they don't understand
business and how to get things done. And we tell them, let me
make sure you understand one thing when you come to work here,
that you are entitled to nothing. You compete. So it is a life
lesson, and that is what this is about. So we put them through
a short quarterly program and then we have a mentor actually
take them through how do you operate and get things done. So
there is a lot of other people that are doing it very
effectively. Ours is one that we need to do it to instill
change in our culture.
Mr. Cummings. How many employees do you have?
Mr. Klayko. We have about 5,000 employees.
Mr. Cummings. Thank you.
Chairman Issa. Thank you.
With that, we recognize the gentleman from Virginia, Mr.
Connolly.
Mr. Connolly. Thank you, Mr. Chairman.
Chairman Issa. I am sorry. If you wouldn't mind, the other
gentleman.
Mr. Connolly. Of course not. I would be honored.
Chairman Issa. I apologize. You snuck up on me, John. We
recognize the gentleman from Florida, Mr. Mica.
Mr. Mica. Thank you. And we will get to Mr. Connolly in
just a second.
Mr. Connolly. I am only too happy to have you go first, Mr.
Mica.
Mr. Mica. Thank you. Thank you.
We heard the OMB CIO say that he didn't see any impediments
as far as the law. Are any of you aware of any changes that we
need to make in the law that would help us in this whole
process? Anything?
Mr. Bourgeois. I don't know if I would specifically say
there are changes in the law, and I am definitely not an expert
on the laws themselves. What I would say is that in how those
existing laws have been operationalized is just a mess. So if
it can be simplified quite a bit.
Mr. Mica. The other thing is he cited himself that he would
give an agency the authority to move ahead and they would take
the paper and wave it around, but there is some problems in
getting the authority transmitted to the agency, so there is
some disconnect. He says he has the law and the authority to do
that, but it is not happening. So that is some of what you are
referring to?
Mr. Bourgeois. I am not sure I am familiar----
Mr. Mica. First of all, thank you all. I come from the
private sector. I have been on this committee a long time and
others, and for the private sector to come forward and testify
like you are doing, I appreciate it very much. Sometimes they
are very reticent for retribution or anything you say may be
held against you and all of that. But this is important, and
our purpose isn't to bash them, it is to try to see how we move
this forward.
Mr. Bourgeois. Let me give my best example from my
experience when I was an executive CIO at the U.S. Patent and
Trademark Office. So in terms of empowerment, yes, and I
mentioned specifically in my opening statement that I had the
full authority that the Clinger-Cohen Act defines. And that was
in some ways given to me by the Under Secretary at the agency,
but also in terms of how we carried out our planning for IT
investments, it was part of the budget process for the agency.
There were five executives that ran the agency: The
Commissioner for Patents, the Commissioner for Trademarks, the
CFO, the Deputy Under Secretary and myself, the CIO. And
everything started with what the agency wanted to accomplish--
reducing pendency, improving quality of patents, transparency
and dissemination of information, and so on. Every dollar of IT
investments was tied to one of those objectives. Whether it was
a maintenance of an existing legacy application or it was a
brand new thing like that new system that we implemented, you
know, new 10 years ago, to take the Patent Office completely
electronic, it was all tied to a mission objective and by
virtue of that planning and how we executed it, we carried out
the Clinger-Cohen responsibilities in concert with each other
for the good of the mission. I don't see that happening in many
other agencies today.
Mr. Mica. Well, I talked about having the law in place and
then the policy to execute that and someone executing it, then
the personnel. And I think you also mentioned the staffing
level and we have talked a little bit about that. I was
concerned that they may not be able to attract the best
personnel or retain them. Sometimes you can get them and you
teach them and the next thing you know they are out the door
and they are earning big bucks somewhere else. I am not sure
exactly how we legislate that, but I think we can look at the
incentives and the packages and things that we can offer that
might make a difference. Do you think that would be----
Mr. Bourgeois. Again, from my experience as a CIO in the
Federal government, there are existing tools that can be used
to address this challenge of expertise and attracting and
retaining the right workforce. But also, make no mistake, it is
a moving target. So as technology evolves now, those systems
and capabilities that are in place today have to evolve with
it. And there are things that I utilized as a CIO that are not
very well known, like the SL designation to hire high-end
technical experts on par with private sector expertise and then
challenge them with metrics and reward them through performance
capabilities when they delivered the results. This can happen
today, but it does require the buy-in of the head of the
agency.
Mr. Mica. There are lots of specifics, and I don't have
much time, but I was fascinated by your just sort of quick
analysis of the consolidation of the data centers. They are
trying to consolidate 1,200 out of 3,000. What do you think the
real number could be and what we could achieve there? Just one
little example.
Mr. Bourgeois. The consolidation effort to date has been a
critical first step, but there is really just the tip of the
iceberg in what it has been able to accomplish. The reason is,
as Mr. VanRoekel described, the legacy is applications that
have infrastructure dedicated to them. The first step has
somewhat consolidated them. For example, if you include back
office applications, the GAO estimates more than 2,200
investments at $9.1 billion in back office applications. There
is no question that there is billions of dollars of potential
through consolidation of those applications.
Mr. Mica. I love your phrase I will conclude with
elimination of duplication of applications. Has a certain ring
to it. Thank you. I yield back.
Chairman Issa. I thank the gentleman.
And we now go to probably the most dedicated consolidator
of these stations, the author of the legislation, Mr. Connolly.
Mr. Connolly. Thank you, Mr. Chairman, and welcome to our
panel.
You know, picking up on the concern Mr. Mica and others and
the chairman have mentioned about personnel, Mr. Klayko, you
have been a CEO, and I served 20 years in the private sector in
Federal contracting in IT. Might it be a fair statement that
the way we are treating Federal employees is going to make it
more difficult moving forward to recruit and retain, especially
highly skilled sets; freezing salaries for 3 years, raiding
their benefits to help finance other unrelated things, public
disparagement of their public service and their worth. Is that
how you would manage your workforce?
Mr. Klayko. No. I mean, you have to go ahead and create a
culture that you want people to come to work every day. And
there is a lot of other ways to go ahead and do that. So I
think you have to create a culture in the government that
people want to come to work, make a difference, and then put
performance metrics in place, they go ahead and they get
rewarded for their performance.
Mr. Connolly. Thank you.
And Mr. Bourgeois, I saw you shaking your head. I assume as
a former Federal employee, a CIO, you concur with Mr. Klayko?
Mr. Bourgeois. I will be very brief. I absolutely concur
with that. You want to create an environment that folks want to
come to work every day, and the scenario that you described
that is happening doesn't exactly do that.
Mr. Connolly. I agree.
Mr. Niehaus, you talked about best value. Could you explain
a little bit more, when you talk about best value, what are you
referring to?
Mr. Niehaus. The main concept from our perspective is the
total cost of ownership. This is an industry accepted. I
mentioned Gartner, for example, as one of the main reference
points. In industry for a lot of years there was a focus on
just lowering acquisition price. I think I heard it earlier
today where throwing more IT made things more productive, you
know, more better. And there wasn't enough looking backwards on
how are we managing the legacy systems that we are building and
how are we monitoring their success.
So the concept now is really focused on looking at total
cost of ownership and holding CIOs accountable for delivering
on that total cost of ownership, measuring it, so it is not
just acquisition, but it is how much does that system cost to
maintain, and what is the roadmap for that system after it is 5
years old, 3 years old; can you move it to the cloud, is it
open data systems, et cetera?
Mr. Connolly. And that is my next question to you, you have
anticipated it. Why is it that often maintaining a system costs
more than the original acquisition?
Mr. Niehaus. Because the way that requirements were built
may not have been in as much collaboration with the private
sector around best standards, open standards, commercial off-
the-shelf software. What can the industry that is building the
software do and deliver on a long-term that all of industry
accepts. And when you have that, and there is inherently a
roadmap that allows you to start planning towards the future.
Mr. VanRoekel talked about the depreciation of assets and how
that in the private sector is something that you plan toward so
that you can use your P&L to actually unlock investments for
modernization instead of using it as a defense of existing
spending.
Mr. Connolly. And the chairman has talked about some very
antique systems, legacy systems.
Mr. Niehaus. Absolutely.
Mr. Connolly. The chairman and I are working together along
with the ranking member, Mr. Cummings, on some legislation, and
one of the things we are working toward is empowering CIOs.
Would you and your colleagues at Microsoft welcome that as
obviously a vendor and provider to the government, I mean? And
presuming that we consolidate 243, which is way too many, but
what is left, what kind of empowerment ought they to have from
your point of view?
Mr. Niehaus. From our perspective the most successful
projects are the ones that are closest to the mission and
mission focus, and that means also the CIO that is empowered
closest to the mission. As Congressman Davis stated, I don't
know if we know that a certain number is too many or too little
per agency. It is about the right swim lanes and the
accountability so that you can measure the success of that CIO.
The missions that the DOD performs are myriad. The U.S.
Department of Agriculture has food inspectors and various
others. It is not necessarily right to think that one CIO would
be able to have expertise in designing mission systems for each
one of those. So the goal would be to know that you are working
with an accountable and empowered CIO focused and close to that
mission to make them successful.
Mr. Connolly. Final word, Mr. Bourgeois, I want to give you
an opportunity to expand. When you were at Patent and Trade,
you gave us an example that worked and you said then that is
how we got to Clinger-Cohen, but then you said, but I don't
know many other examples of that in the Federal family. Could
you elaborate on that. Why not? What were the unique attributes
of Patent and Trade that apparently weren't transferable to
other agencies?
Mr. Bourgeois. I am glad you couched the question that way
because it does give me the opportunity to point out that in
one way it was, you know, full authority over the IT budget,
and that was all IT expenditures across the agency, and that
included the business applications used by all of the examiners
and all the other staff. Most CIOs in the Federal government
are called CIOs, but they are really chiefs of infrastructure,
because the business applications are funded and implemented,
managed by some program somewhere else. So that is a key
capability.
Also the full authority and responsibility of hiring and
firing and incentivizing and managing all of the IT people and
IT classifications throughout the entire agency. So there were
these other control factors in place through HR, through
contracting and other means throughout the office, that if
things were happening in the rogue IT organization in the
business units, they would come back to me as the CIO and I
could go talk to my peer, we could correct it and get it back
on track.
Mr. Connolly. I thank the chair.
Chairman Issa. Thank you. I would like to do just one short
additional round.
Mr. Klayko, since you are the only person that currently is
not working for a company, I am going to take advantage of your
temporary lack of conflict potentially, although pride is the
greatest conflict sometimes in an answer. But in your years of
selling products and services, didn't you try to decommoditize
what you sold while the buyer tried to commoditize. Today you
have in a sense told us in your opening statement that in fact
the worst thing to do is to buy into the decommoditization. In
other words, when I ask for a Cisco router or equivalent or a
D-Link router or whichever brand, I am buying into somebody's
decommoditization by definition. Isn't that pretty much what
you said?
Mr. Klayko. As a vendor?
Chairman Issa. As a vendor you want to decommoditize. You
want to have your brand matter and have it spec'd by name if
possible. As a buyer I want everything to be pounds of wheat. I
want everything to be as commoditized as possible. Isn't that
essentially the relationship that is optimally the first thing
that each of you is working toward?
Mr. Klayko. I mean, if you start at the opposite ends and
work towards the middle, I think that is probably true. I
looked at in many of the reviews I have done in the past why
someone was chosen over another. You do loss reviews all the
time. You have done it in private sector and so forth.
One of the things I find is in an IT environment, in any
environment, the most feared word is delete. So nobody deletes
anything. No one deletes data. They keep it forever. So you
just get more and more and more and more and more and it
becomes unmanageable and more difficult.
Chairman Issa. That is why we need VM's Image Backup, is
because it has gotten to be so much data we are backing up we
don't have time to back it up as data.
Mr. Klayko. Yeah, but there is still that. And then the
other thing what I found is there is a lot of fear. There is
fear of making a change. Because right now, to your point, sir,
where you said, you know, we are laying off people, there are
no raises and so forth, so why do I want to put myself on the
edge to make a recommendation to make a change if all of a
sudden it doesn't work and it fails so I become the guy they
shoot. So there is no incentive. We have the exact opposite
incentive program that should be in place.
So we are starting at different points, but the membrane to
get together, I am not sure we can if we can never align on
that. It is very, very difficult. We have to eliminate the
fear.
Chairman Issa. Okay. I am going to do two last questions.
Mr. Niehaus, I give you a little grief on this subject
deliberately. Microsoft and a number of other well-known brand
names in software deliver more than a commodity because they
deliver the history, the predictability. Look, 1.0, everything
fails, and 2.0 exists for the purpose of fixing everything that
was wrong with 1.0 and 1.1 and 1.2. We get it, that you can't
deal with people on a purely commodity basis. But from a
government procurement standpoint, shouldn't our procurement
reform be similar to Mr. Klayko's statement, which is quit
spec'ing by definition what we need almost by brand name and
spec it to the greatest extent by the minimum needs required,
and then companies can come in and sell their ups and adds or
additional features which often make the difference between two
otherwise identical commodities.
Mr. Niehaus. Mr. Chairman, the way that we would look at it
or the way that we see it is commercial off-the-shelf software
is a great term and a great phrase and it means a lot and it is
very accepted. The challenge is that where we are going today,
or now and in the future, is cloud-based email systems, and we
have agencies lining up to do that. That is not as simple as
just taking the version of exchange server that is running that
you already own and just putting it in the cloud and running
it. It is actually new innovations. It is new capabilities. It
is the ability to provide that warfighter a disconnected
scenario downrange or a task worker in the field or a food
inspector disconnected as well as an IRS worker fully
connected.
Chairman Issa. Sure. Those are certainly ups and adds. And,
oh, by the way, when you went from an exchange based to clouds,
I lost a few things, too. I made that transition. The fact is
that you sometimes find things are slightly different because
you have been using, if you will, undocumented features, and
that is common that we find ways to make things work that were
not in the plan, mailboxes that are blank for some reason that
people look at in a different environment. And I appreciate
that, and hopefully that is what we are going to continue
looking at how to get right in this act.
Mr. Bourgeois, obviously I know a little bit about your
product, probably enough to be dangerous. But earlier I think
there was something that didn't get said properly, which is,
isn't it true that one consistency within our movement, the
government's movement to cloud, is underutilization. We can do
what Mr. Connolly so much wants us to do, which is consolidate.
But if we consolidate rather than to 100 servers doing 1,000
tasks and instead what we have is 1,000 servers each doing one
task, we haven't really saved anything other than we have made
the electric bill appear in one place. Isn't that to a great
extent the other part of consolidation that we have to find a
way to do?
Mr. Bourgeois. Mr. Chairman, that is very well said. I
think that the consolidation effort includes multi-layers of
the technology stack, and the majority of the efforts thus far
have been focused on the core infrastructure layer when there
is still--maybe the low hanging fruit has been picked and we
have to reach up a little farther. There is still fruit to be
picked there. But without a doubt there is an opportunity to
actually rationalize the portfolio of IT investments, to take
the 10 things that are doing the same thing and actually meld
them into one and consolidate it at the same time.
Chairman Issa. Thank you.
Any additional rounds? Mr. Cummings?
Mr. Cummings. I yield to Mr. Connolly.
Mr. Connolly. Thank you. Thank you, Mr. Cummings.
I actually just wanted to piggyback on your point, Mr.
Issa, Mr. Chairman. I think we have to find sort of a happy
medium. Take the chairman's point about emails. All right,
maybe emails shouldn't be treated as a commodity, but you heard
Mr. VanRoekel when he testified in my district in a field
forum, he pointed out in an agency, he says 20, but I am pretty
sure he said 36, but it was a lot of email systems. And you
know how that happened. It didn't happen because there are 20
or 36 unique sets of demands on an email system. It grew up
because my division got an email system and yours got one
later. And so as a result we have all this stovepipe
duplication, they can't talk to each other, and we are spending
a fortune trying to fix it. Mr. VanRoekel pointed out he
finally got one in place. Now, maybe that is too few.
So I just think that to the chairman's point, while we
don't want to have a mentality that says no, no, one size has
to fit all, god, is that a problem in government. On the other
hand, we can't treat everything as unique or we will never save
a dime and we will never get efficient.
Mr. Niehaus. Congressman, I completely agree with that. And
a perfect example, and I don't know if Mr. VanRoekel is
referring to this customer, but the USDA, for example, had that
numerous 20-plus email systems. It was Microsoft that
consolidated those into the cloud. So it is not that we are
against this, by any means. The focus that we look at is making
sure that we are continuing to meet the mission of government
as it evolves. If the decision had been pick one of these,
label it a commodity and everyone standardized on it, there
wouldn't have even been a conversation about, well, what can
the cloud offer? Can the cloud actually offer you a better
value, a faster return on your IT investment, a lower total
cost of ownership over time.
I think that is where we bring up the concern about the
term commodity because we don't see it in the private sector
but we do see commercial off-the-shelf software in the private
sector, and we do completely agree on the focus of what are the
standards of service and the standards of mission requirement
that we can all agree are the core fundamental, and let's build
around that and deliver solutions around that and fight to
innovate among competitors.
Mr. Connolly. And I do not spend a lot of time on this dais
defending the chairman, but in this case I think there has been
somewhat of a reaction to some of the draft language, and I
don't think there is that much daylight frankly between how you
just articulated it and how the chairman or I would articulate
it.
Mr. Niehaus. I think that is certainly a welcome
conversation and discussion for us to continue to support and
have. Absolutely.
Mr. Connolly. Thank you.
Chairman Issa. As we close, I will tell a very short story.
I remember all too well being in the military where we were
driving military vehicles with military tires designed for
combat, and somebody somewhere at DOD back in the seventies got
the bright idea that they ought to buy a whole bunch of pickup
trucks, standard, I believe they were mostly Dodge pickup
trucks, and paint them green and use those to run back and
forth on streets, on regular roads, to go pick up parts. It was
an innovative idea. It saved countless millions of dollars and,
quite frankly, some lives because military combat vehicles on
slippery roads, on hard surfaces, do not perform nearly as
well.
Our goal with IT purchasing reform is in fact to recognize
that Americans all buy automobiles which are commercial off-
the-shelf. We are not claiming that a Cadillac--or I will use
the now defunct Yugo--are in fact equal. But we do know that
all of them are part of a commodity for transportation. We want
to find a way to make sure that specific pieces of
transportation are purchased that optimize the Federal need and
that in every case possible we not ask somebody to set up a
brand new auto company to produce a form of transportation.
And with that, I thank all of you for kicking off this
process, being our first hearing, and we stand adjourned.
[Whereupon, at 4:40 p.m., the committee was adjourned.]
[GRAPHIC] [TIFF OMITTED] 79790.063
[GRAPHIC] [TIFF OMITTED] 79790.064
[GRAPHIC] [TIFF OMITTED] 79790.065
[GRAPHIC] [TIFF OMITTED] 79790.066
[GRAPHIC] [TIFF OMITTED] 79790.067
[GRAPHIC] [TIFF OMITTED] 79790.068
[GRAPHIC] [TIFF OMITTED] 79790.069
[GRAPHIC] [TIFF OMITTED] 79790.070
[GRAPHIC] [TIFF OMITTED] 79790.071
[GRAPHIC] [TIFF OMITTED] 79790.072
[GRAPHIC] [TIFF OMITTED] 79790.073
[GRAPHIC] [TIFF OMITTED] 79790.074
[GRAPHIC] [TIFF OMITTED] 79790.075
[GRAPHIC] [TIFF OMITTED] 79790.076
[GRAPHIC] [TIFF OMITTED] 79790.077
[GRAPHIC] [TIFF OMITTED] 79790.078
[GRAPHIC] [TIFF OMITTED] 79790.079
[GRAPHIC] [TIFF OMITTED] 79790.080
[GRAPHIC] [TIFF OMITTED] 79790.081
[GRAPHIC] [TIFF OMITTED] 79790.082
[GRAPHIC] [TIFF OMITTED] 79790.083
[GRAPHIC] [TIFF OMITTED] 79790.084
[GRAPHIC] [TIFF OMITTED] 79790.085
[GRAPHIC] [TIFF OMITTED] 79790.086
[GRAPHIC] [TIFF OMITTED] 79790.087
[GRAPHIC] [TIFF OMITTED] 79790.088
[GRAPHIC] [TIFF OMITTED] 79790.089
[GRAPHIC] [TIFF OMITTED] 79790.090
[GRAPHIC] [TIFF OMITTED] 79790.091
[GRAPHIC] [TIFF OMITTED] 79790.092
[GRAPHIC] [TIFF OMITTED] 79790.093
[GRAPHIC] [TIFF OMITTED] 79790.094
[GRAPHIC] [TIFF OMITTED] 79790.095
[GRAPHIC] [TIFF OMITTED] 79790.096
[GRAPHIC] [TIFF OMITTED] 79790.097
[GRAPHIC] [TIFF OMITTED] 79790.098
[GRAPHIC] [TIFF OMITTED] 79790.099
[GRAPHIC] [TIFF OMITTED] 79790.100
[GRAPHIC] [TIFF OMITTED] 79790.101
[GRAPHIC] [TIFF OMITTED] 79790.102
[GRAPHIC] [TIFF OMITTED] 79790.103
[GRAPHIC] [TIFF OMITTED] 79790.104
[GRAPHIC] [TIFF OMITTED] 79790.105
[GRAPHIC] [TIFF OMITTED] 79790.106
[GRAPHIC] [TIFF OMITTED] 79790.107
[GRAPHIC] [TIFF OMITTED] 79790.108
[GRAPHIC] [TIFF OMITTED] 79790.109
[GRAPHIC] [TIFF OMITTED] 79790.110
[GRAPHIC] [TIFF OMITTED] 79790.111
[GRAPHIC] [TIFF OMITTED] 79790.112
[GRAPHIC] [TIFF OMITTED] 79790.113
[GRAPHIC] [TIFF OMITTED] 79790.114
[GRAPHIC] [TIFF OMITTED] 79790.115
[GRAPHIC] [TIFF OMITTED] 79790.116
[GRAPHIC] [TIFF OMITTED] 79790.117
[GRAPHIC] [TIFF OMITTED] 79790.118
[GRAPHIC] [TIFF OMITTED] 79790.119
[GRAPHIC] [TIFF OMITTED] 79790.120
[GRAPHIC] [TIFF OMITTED] 79790.121
[GRAPHIC] [TIFF OMITTED] 79790.122
[GRAPHIC] [TIFF OMITTED] 79790.123
[GRAPHIC] [TIFF OMITTED] 79790.124
[GRAPHIC] [TIFF OMITTED] 79790.125
[GRAPHIC] [TIFF OMITTED] 79790.126
[GRAPHIC] [TIFF OMITTED] 79790.127
�