[House Hearing, 116 Congress]
[From the U.S. Government Publishing Office]
HOUSE OFFICER PRIORITIES FOR 2019 AND BEYOND
=======================================================================
HEARING
BEFORE THE
COMMITTEE ON HOUSE ADMINISTRATION
HOUSE OF REPRESENTATIVES
ONE HUNDRED SIXTEENTH CONGRESS
FIRST SESSION
__________
APRIL 9, 2019
__________
Printed for the use of the Committee on House Administration
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available on the Internet:
https://www.govinfo.gov/committee/house-administration
__________
U.S. GOVERNMENT PUBLISHING OFFICE
37-038 PDF WASHINGTON : 2019
--------------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
E-mail, [email protected].
C O N T E N T S
----------
APRIL 9, 2019
Page
House Officer Priorities for 2019 and Beyond..................... 1
OPENING STATEMENTS
Chairperson Zoe Lofgren.......................................... 2
Prepared statement of Chairperson Lofgren....................
Hon. Rodney Davis, Ranking Member................................ 3
Prepared statement of Ranking Member Davis...................
WITNESSES
Hon. Cheryl L. Johnson, Clerk of the House of Representatives.... 5
Prepared statement by Ms. Johnson............................ 7
Hon. Paul D. Irving, Sergeant at Arms............................ 20
Prepared statement of Mr. Irving............................. 22
Hon. Philip G. Kiko, Chief Administrative Officer................ 28
Prepared statement of Mr. Kiko............................... 30
Hon. Michael Ptasienski, Inspector General....................... 51
Prepared statement of Mr. Ptasienski......................... 53
QUESTIONS FOR THE RECORD
The Honorable Cheryl L. Johnson, Clerk of the House of
Representatives, responses..................................... 69
The Honorable Paul D. Irving, Sergeant at Arms, responses........ 82
The Honorable Philip G. Kiko, Chief Administrative Officer,
responses...................................................... 100
The Honorable Michael Ptasienski, Inspector General, responses... 129
HOUSE OFFICER PRIORITIES FOR 2019 AND BEYOND
TUESDAY, APRIL 9, 2019
House of Representatives,
Committee on House Administration,
Washington, DC.
The Committee met, pursuant to call, at 10:01 a.m., in Room
1310, Longworth House Office Building, Hon. Zoe Lofgren
[Chairperson of the Committee] presiding.
Present: Representatives Zoe Lofgren, Raskin, Mrs. Susan
Davis of California, Butterfield, Fudge, Aguilar, Mr. Rodney
Davis of Illinois, Mark Walker, and Barry Loudermilk.
Staff Present: Sean Jones, Legislative Clerk; Khalil
Abboud, Deputy Staff Director; Teri Morgan, Deputy Staff
Director; David Tucker, Parliamentarian; Daniel Taylor, Chief
Counsel; Jamie Fleet, Staff Director; Peter Whippy,
Communications Director; Brittany Randall, Minority Director of
Member Services; Timothy Monahan, Minority Director of
Oversight; Jennifer Daulby, Minority Staff Director; and
Courtney Parella, Minority Communications Director.
The Chairperson. The Committee on House Administration will
come to order. I would like to thank the Members of the
Committee, our witnesses, and all those in the audience for
being here today.
I am pleased to have our House officers with us this
morning.
The work you perform enables us to keep focused on our
work, delivering for our constituents, and we are grateful for
it.
House operations face many challenges. Physical and cyber
security, both here and in our districts and attracting and
retaining a highly skilled, diverse workforce and helping
Member offices adopt new technologies that allow all of use to
communicate better with our constituents is so important.
These challenges and many more require us to be constantly
reevaluating what works and what doesn't and to be always
planning and prioritizing based on the highest value for the
taxpayer and the greatest service for the Member office.
It is my intention to continue the tradition of this
Committee with bipartisan work on overseeing our House
officers. I know Mr. Davis' staff and mine meet regularly with
each of you on ongoing projects and initiatives. And I believe
the House works better when more opinions are heard about how
it should work. Our hearing this morning is the first of many
to make sure that we are meeting our responsibilities as
stewards of this great institution.
Before we begin, I would like to make a couple of comments
about the men and women who work with the House officers and
Inspector General. From the tally clerks to the security
engineers, the protocol officers and the financial statement
auditors, this Committee will focus on making sure that every
institutional office of the House is a good place to work,
where people are treated fairly and with respect.
In the near future, we will restart our workplace rights
training. I have reviewed every page of the curriculum,
incorporating feedback from Members and staff alike, to make
sure it works with our new House Rules. We are also working
with our vendor to find ways we can make the training more
meaningful for managers and supervisors who are on the front
lines of creating a welcoming workplace.
I would like now to recognize our Ranking Member, Mr.
Davis, for any opening remarks that he may wish to make.
[The statement of the Chairperson follows:]
STATEMENT OF CHAIRPERSON ZOE LOFGREN, COMMITTEE ON HOUSE
ADMINISTRATION HEARING, ``HOUSE OFFICER PRIORITIES FOR 2019 AND
BEYOND.'', APRIL 9, 2019
The Committee on House Administration will come to order. I
would like to thank the Members of the Committee, our
witnesses, and all those in the audience for being here today.
I'm pleased to have our House Officers and Inspector
General with us this morning. The work you perform helps
enables us to keep focused on our work--delivering for our
constituents and we are grateful for it.
House operations face many challenges: physical and cyber
security, both here and in our districts, attracting and
retaining a highly skilled, diverse work force and helping
Member offices adopt new technologies that allow all of us to
better communicate with our constituents. These challenges--and
many more--require us to be constantly re-evaluating what works
and what doesn't and to be always planning and prioritizing
based on the highest value for the taxpayer, and the greatest
service for the Member office.
It is my intention to continue the tradition of this
Committee with bipartisan work on overseeing our House
Officers. I know Mr. Davis' staff and mine meet regularly with
each of you on ongoing projects and initiatives and I believe
the House works better when more opinions are heard about how
it should work.
Our hearing this morning is the first of many to make sure
we are meeting our responsibilities as stewards of this great
institution.
Before we begin I'd like to make a couple of comments about
the men and women who work for the House Officers and Inspector
General. From the tally clerks, to the security engineers, the
protocol officials and the financial statement auditors, this
Committee will focus on making sure that every institutional
office of the House is a good place to work, where people are
treated fairly and with respect.
In the near future we will restart our workplace rights
training. I've reviewed every page of the curriculum
incorporating feedback from Members and staff alike, and making
sure it works with our new House Rules.
We are also working with our vendor to find ways we can
make the training more meaningful for managers and supervisors,
who are on the front lines creating a welcoming workplace.
I now recognize the Ranking Member for any opening remarks
that he may wish to make.
Mr. Davis of Illinois. Thank you, Madam Chairperson.
Welcome to our officers.
Before I begin, I would like to take a minute, though, to
recognize and honor the contributions made to the House by two
individuals, Alan DeLuca and Mike Pratt. Both these men were
longtime employees of the CAO who recently passed away. And it
is the tireless work ethic and steadfast commitment to service
that Mike and Alan both demonstrated that make our jobs as
Members of Congress much easier. My deepest sympathies are
extended to their families and their friends and all their
coworkers.
The Chief Administrative Officer, Mr. Kiko--great to see
you--Clerk and House Inspector General and their teams are
collectively responsible, as we know, for the non-political
operations of the House. They are tasked with authenticating
the legislative process, through the Clerk's operation;
managing the business processes that allow every office to
function, through the CAO's operation; ensuring every Member,
staffer, and visitor has a safe experience, through the
Sergeant at Arms administration; and then through the watchful
eye of the Inspector General, their operation, all of those
tasks and processes are reviewed to ensure that taxpayer
dollars are spent wisely.
All of you have laid out important priorities for the 116th
Congress in your testimony, from modernizing the Legislative
Information Management System, to improving physical security
in district offices, to enhancing cyber-security for the House.
It is clear your priorities are thoughtful and intended to
improve House operations.
There is a constant balance between the priorities of the
institutional offices and the priorities of Member offices who
rely on their services to operate. The priorities of both are
often in alignment, but at times there is a disconnect between
what institutional offices think Member offices need versus
what they need.
My overarching priorities for all four of you do can be
broken into four areas: first, improving proactive
communication with offices; second, building a strong culture
of service in all that you do; third, instituting commonsense
processes and procedures--we don't need to make things overly
bureaucratic just because we can--and, finally, ensuring the
House is getting a return on investment for the additional
resources that you receive. With additional resources also come
additional expectations.
Thank you all for being here today. I look forward to
working with you, continuing to work with each one of you.
I yield back.
[The statement of Mr. Davis of Illinois follows:]
STATEMENT OF RANKING MEMBER RODNEY DAVIS, COMMITTEE ON HOUSE
ADMINISTRATION HEARING, ``HOUSE OFFICER PRIORITIES FOR 2019 AND
BEYOND.'', APRIL 9, 2019
Before I begin, I would like to take a minute, though, to
recognize and honor the contributions made to the House by two
individuals, Alan Deluca and Mike Pratt. Both of these men were
long-time employees of the CAO who recently passed away. And it
is the tireless work ethic and steadfast commitment to service
that Mike and Alan both demonstrated that make our jobs as
Members of Congress much easier. My deepest sympathies are
extended to their families and their friends and all their co-
workers.
The Chief Administrative Officer, Sergeant at Arms, Clerk,
and House Inspector General and their teams are collectively
responsible, as we know, for the non-political operations of
the House. They are tasked with authenticating the legislative
process, through the Clerk's operation; managing the business
processes that allow every office to function, through the
CAO's operation; ensuring every Member, staffer, and visitor
has a safe experience, through the Sergeant at Arms
administration; and then through the watchful eye of the
Inspector General, their operation, all of those tasks and
processes are reviewed to ensure that taxpayer dollars are
spent wisely.
All of you have laid out important priorities for the 116th
Congress in your testimony, from modernizing the Legislative
Information Management System, to improving physical security
in district offices, to enhancing cyber-security for the House.
It is clear your priorities are thoughtful and intended to
improve House operations.
There is a constant balance between the priorities of the
institutional offices and the priorities of Member offices who
rely on their services to operate. The priorities of both are
often in alignment, but at times there is a disconnect between
what institutional offices think Member offices need versus
what they actually need. My overarching priorities for all that
the four of you do can be broken into four areas.
First, improving proactive communication with offices.
Second, building a strong culture of service in all that you
do. Third, instituting common sense processes and procedures--
we don't need to make things overly bureaucratic just because
we can. And, finally, ensuring the House is getting a return on
investment for the additional resources that you receive. With
additional resources also come additional expectations.
Thank you all for being here today. I look forward to
working with each of you and your organizations. I yield back.
The Chairperson. Thank you, Mr. Davis.
Joining us today is Cheryl L. Johnson, the Clerk of the
House. Ms. Johnson was sworn in as Clerk of the House on
February 25, 2019 and is the 36th individual to serve as our
Clerk.
Paul D. Irving, Sergeant at Arms, was sworn in as Sergeant
at Arms of the House of Representatives on January 17, 2012. He
is the 36th individual to serve as Sergeant at Arms, an office
that goes back to the first Congress in 1789. He is the chief
law enforcement and protocol officer of the House and is
responsible for maintaining order on the House side of the
United States Capitol complex.
Paul Kiko, who is the Chief Administrative Officer, was
sworn in as Chief Administrative Officer of the House on August
1, 2016. He is the eighth person to serve as Chief
Administrative Officer since the position was created in 1995.
He is responsible for the information technology, financial,
logistic, human resources, and procurement services provided to
Members and their staff.
Michael Ptasienski was appointed as the fifth Inspector
General of the House on February 15, 2018. Prior to being
appointed IG, he served in the IG's Office as the Deputy
Inspector General, Advisory Administrative Services, and as the
Director of Management Advisory Services.
It is my pleasure to welcome our witnesses to the Committee
this morning.
Each of you will be recognized for 5 minutes, but your
entire written statement will be made part of the record, so we
encourage you to summarize it. As you know, we have a lighting
system, and when you hit 1 minute, the yellow light will show
up. When it turns red, your time is up and we would ask you to
try to wrap up.
So, first, we will turn to you, Ms. Johnson, for your
testimony. And welcome.
STATEMENTS OF THE HONORABLE CHERYL L. JOHNSON, CLERK OF THE
U.S. HOUSE OF REPRESENTATIVES; THE HONORABLE PAUL D. IRVING,
SERGEANT AT ARMS, U.S. HOUSE OF REPRESENTATIVES; THE HONORABLE
PHILIP G. KIKO, CHIEF ADMINISTRATIVE OFFICER, U.S. HOUSE OF
REPRESENTATIVES; AND THE HONORABLE MICHAEL T. PTASIENSKI,
INSPECTOR GENERAL, U.S. HOUSE OF REPRESENTATIVES
STATEMENT OF THE HONORABLE CHERYL L. JOHNSON
Ms. Johnson. Good morning. Chairperson Lofgren, Ranking
Member Davis, Members of the Committee, thank you for this
opportunity to testify about the priorities of the Office of
the Clerk, and thank you for your guidance and support.
The Clerk's Office is a nonpartisan organization integral
to the legislative process. We provide the procedural
assistance and support necessary for the orderly conduct of
official business of the House, its Members, and committees.
I will use my time to outline our four key priorities for
2019 and beyond, starting with the Legislative Information
Management System modernization and redevelopment project, also
known as LIMS.
LIMS enables the House to conduct legislative business and
enables the public to follow that business. It brings in bill
information, floor activity, Member and committee information,
and executive communications from the House and Senate and
distributes that information to GPO, the Library of Congress,
Members, committees, House officers, and the public.
However, LIMS was built more than 30 years ago and operates
on an outdated programming language on a very old platform. The
cost and technological risk of continuing on this platform are
high, as finding skilled developers to work on legacy platforms
is difficult and maintaining the current system demands
significant resources.
Migrating LIMS to a modern technology will allow it to be
more flexible to readily incorporate changes and accept new
legislative requirements while maintaining a high level of
security to better meet the House needs.
A second key priority is supporting committees.
As part of our efforts to improve communications and
strengthen relationships with House staff, we collaborated with
the Parliamentarian and the CRS and Congressional Staff Academy
to host a briefing in January for all committee clerks. The
briefing provided new and veteran clerks with tools they need
to do their jobs and included sessions on the legislative
process. We plan to continue our training series throughout the
year.
In addition, our Official Reporters provide reporting
services for all Committee markups, hearings, and depositions
as well as for investigative interviews. These services are
subject to increased demand given the expanded deposition
authority and oversight needs. In fact, in the 3 short months
of the 116th Congress, our Official Reporters have supported
more than 460 hearings and markups.
The Comparative Print, or Posey Print project is a third
key priority. This technology allows us to create comparisons
between current law and what the law would be with the bill's
proposed changes. Today, the Rules Committee and the office of
the House Legislative Counsel have access to the document
comparison tool. Our goal for the end of phase three in August
2020 is to expand the application to a single comparison tool
and to expand access to all House staff.
Our fourth key priority is personnel development. We
continue to evaluate training opportunities for our staff to
ensure they align with our mission and goals and to enhance
cross-training as employees with specialized skills retire.
This initiative gives current employees hands-on experience in
highly specialized areas and promotes career growth within the
organization.
Our aim is to keep exceptional employees motivated by
strengthening their current skills and helping them acquire new
ones. We have established a thorough training plan to further
develop our workforce talent and broaden our institutional
memory to be able to promote from within and to ensure
personnel transitions do not disrupt our operations.
We also will continue to recruit highly qualified new
employees from a diverse pool of applicants.
We look forward to continuing to carry out our many other
important responsibilities, as outlined in my written
testimony. Thank you for this opportunity, and I look forward
to your questions.
[The statement of Ms. Johnson follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairperson. Thank you very much.
We will turn to you, Mr. Irving.
STATEMENT OF THE HONORABLE PAUL D. IRVING
Mr. Irving. Good morning, Chairperson Lofgren, Ranking
Member Davis, and Members of the Committee. I appreciate the
opportunity to present the Office of the Sergeant at Arms
operational priorities for 2019. It is an honor and a privilege
to serve this institution, and I look forward to working with
the Committee as the year progresses.
As noted, although I have submitted my full testimony for
the record, I would like to briefly highlight and update the
Committee on a number of security initiatives for 2019.
In the past few years, the Sergeant at Arms, in conjunction
with the Capitol Police, has enhanced security services, to
include screening prior to entry of our buildings, developed an
enhanced security focus to assist Members in this increased
threat environment, expanded security services into district
offices and district-based events, and moved the Capitol
complex closer to 100 percent screening by bringing the House
office buildings into the secure perimeter.
Unfortunately, many Members receive threats and direction
of interest communications that raise concerns for them, their
families, and their staffs. In light of these threats and
concerning communications, my office interfaces with Members'
offices seeking security coordination for off-campus events in
the Washington, D.C., area, in their districts, or elsewhere
across the country.
We work with the Capitol Police to provide a level of
protective support that is based on threat intelligence and
proactive criteria which may form the basis of an enhanced
level of support. Protective services can range from security
awareness briefings in the Member's district to a request for
local law enforcement support for a public appearance by the
Member, and also deployment to the Member's district by the
Capitol Police.
In regard to district office security, my office continues
to build upon the success of our District Office Security
Program that was launched in the summer of 2017. Since its
inception, the program has assisted 390 district offices with
the installation of intrusion-detection systems, alarms,
cameras, panic buttons, and coordinated local law enforcement
support of nearly 450 events and townhalls across the country.
We have also documented nearly 13,000 outreach interactions
with Members and their offices. In addition, my office has
distributed 386 mail hoods to help protect district staff when
opening mail.
Focusing on the Capitol complex, we are working toward the
implementation of House garage security to ensure full
screening into the House office buildings and in line with the
Capitol and Senate office buildings. I am pleased to announce
that, with the assistance of this Committee, security screening
from all garages will be ready for implementation this year.
One of our largest operational initiatives is the Joint
Audible Warning System. This is a shared effort with the
Capitol Police, the Architect of the Capitol, and the Senate
Sergeant at Arms to replace the aging emergency annunciator
system introduced as a temporary measure following the events
of 9/11. The system components of these pager-like devices,
located in all D.C. offices, are beyond their end-of-life
dates, the technology is outdated, the battery components are
no longer manufactured, and the system support from the vendor
is limited. Seventeen years after implementation, we are
seeking a new, separate, non-cell-tower-based system for
emergency notifications throughout the House to ensure that
emergency voice notifications are transmitted via secure
radiofrequency to all offices and meeting rooms throughout the
campus.
As I have noted, a more detailed listing of my operational
priorities are provided in my extended testimony, such as
replacement of the GSA-rated safes for Members to store
classified and sensitive information.
Thank you again for the opportunity to appear before the
Committee. I am so appreciative of the Committee's unyielding
support and our partnership as we strive to maintain the
delicate balance between strong security measures and a free
and open campus to the Capitol complex.
I am happy to answer any questions you may have. Thank you.
[The statement of Mr. Irving follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairperson. Thank you very, very much.
Mr. Kiko.
STATEMENT OF THE HONORABLE PHILIP G. KIKO
Mr. Kiko. Good morning. I want to thank each of you for the
opportunity to present the CAO's priorities, which include
improving and expanding upon our customer services, advancing
the House's cybersecurity posture and technology support, and
modernizing its internal and customer-facing processes.
The CAO is the largest House-specific support organization,
with over 700 employees who provide a broad spectrum of
services. Our employees assist offices with voucher processing,
logistics and asset management, technology support, payroll,
wellness, child care, et cetera.
The CAO has taken on new responsibilities, such as
facilitating the workplace rights training for an estimated
16,000 individuals last year and standing up the new Office of
Employee Advocacy and assisting with various analyses of House
practices and functions.
The services provided by the CAO, old and new, are critical
to the House operations and must constantly evolve and improve
to meet the needs of Members.
I recognize that major improvements need to be made with
our financial and asset management services. We have been
working hard on these. We have brought in outside consultants,
we have been working with the Committee, and I believe there is
light at the end of the tunnel.
But it is not just these major areas that we must work on
improving. We must continuously improve all our services, make
the customer experience better by putting them first, meet
their needs, and seek ways to improve our services.
The CAO's mission at its 1995 inception was ``to constantly
and consistently listen to our customers, meet their needs, and
seek ways to improve our services.'' The customers are Members.
It is simple. The CAO is to listen, deliver, and improve.
And that is exactly what the organization's strategic plan
put into motion: a process to better listen to our customers,
deliver the services that they need, and to constantly improve.
It is changing the way we approach service delivery. We
launched a new business unit. We rolled out professional
development training for House staff and did training, as was
mentioned, for clerks, House financial systems, et cetera.
We are enhancing House-wide services that save Members
money, working to expand our technology services and reduce
reliance on vendor support. Last Congress, our mailing services
team corrected nearly 60 million mailing records for Members'
offices, saving them $17 million in postage and $18 million in
production services.
We have responded to the overwhelming demand for food
service improvements.
And the CAO also has paramount responsibility, as we all
know, in protecting the House against malicious actors
constantly seeking to gain access to House data. In just 1
month, every month, the CAO blocks an estimated 1.6 billion
unauthorized scan probes and connections, including 300 million
to 500 million cyber attacks and an average of 12.6 million
questionable emails to thwart fishing attacks. In 2018, our
cybersecurity office deployed 615,000 patches and 3,000
malicious indicators to over 16,000 network-connected devices
on campus.
I am paying close attention to the issues raised before the
Select Committee on the Modernization of Congress to ensure the
CAO's priorities align with and meet the needs expressed by
Members, including those related to constituent communications,
the adoption of new technologies, compensation trends, and
district office support.
Technology modernization is one area that the CAO is moving
aggressively towards. Our fiscal year 2020 budget requests
funding for a more aggressive cloud strategy and with the
Committee's support, we will be moving into a cloud-first
strategy for all new technology endeavors.
And while the House does allow the use of cloud tools and
authorized several dozen for use, integrating these tools in
the past has been too difficult. I would like to speed this
process along. To help solve this problem, the CAO is
considering creating a technology innovation lab where Members
can test, evaluate, and share innovative technology and ideas.
I want to again thank you for presenting the CAO's
priorities. I just want to close out by saying, since I have
been at CAO, the process I am trying to do is Member-first, the
processes that Members want, not necessarily what people in the
CAO think is best.
Thank you.
[The statement of Mr. Kiko follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairperson. Thank you very much.
And finally but not least, Mr. Ptasienski.
STATEMENT OF THE HONORABLE MICHAEL T. PTASIENSKI
Mr. Ptasienski. Good morning, Chairperson Lofgren, Ranking
Member Davis, and Members of the Committee. I am both pleased
and honored to appear before you today in my capacity as the
Inspector General of the House.
I would like to briefly provide a little bit of background
on our office and work before talking about priorities for 2019
and beyond.
Our core mission is to conduct audits of the financial and
administrative functions of the House. Since the first
Inspector General of the House was appointed in 1993, the OIG
has worked closely with the House officers and those charged
with oversight to improve the operations of the House, reduce
inefficiencies, minimize costs, identify and prevent fraud, and
mitigate risk. We provide traditional audit services as well as
proactive analysis and guidance for improvement through our
management advisory services.
The priorities for my office are largely driven by those of
this Committee and the House officers. As new initiatives are
undertaken, policies are updated, technology and/or process
changes are made, the risks also change.
The House will face numerous challenges during the 116th
Congress and beyond, some of which we know and others we do
not. The OIG will continue to do our part to help the House
officers and this Committee identify and manage risks wherever
they exist. We are dedicated to making the House secure, safe,
and more efficient and effective.
I believe our independent, data-driven audit and advisory
work is critical to both the officers and this Committee as you
work to prevent issues that could adversely impact the
operations of the House and the legislative process.
At the direction of this Committee and in collaboration
with the House officers we have revamped the audit planning
process. This collaborative, transparent process involves
discussions of risk, current and planned initiatives, and
discussing existing operational challenges. We have these
conversations with both the officers as well as the key staff
that handle the day-to-day operations.
Through our regular meetings with Committee staff, we also
discuss the concerns and priorities of those with oversight
responsibilities. These planning discussions allow us to gather
a much more comprehensive view of the House environment and
form our risk assessment process. I believe this communication
has also improved coordination between my office, the House
officers, and this Committee.
We have submitted and reviewed our draft 2019 work plan
with the Committee staff. It is a focused, risk-based audit
plan that centers on critical aspects of the House
administrative operations, legislative process, and security. I
look forward to receiving approval on that plan so we can begin
work on these important efforts.
For the foreseeable future, it is apparent that
cybersecurity and ensuring the resiliency of House systems and
infrastructure will continue to be an area of focus. Technology
is ever-evolving and continues to become much more embedded in
all aspects of House operations.
While technology offers great efficiencies and can
dramatically improve the delivery of information and services,
it also expands the number of attack vectors for cyber attacks
and creates new risks, where even a simple outage can disrupt
key services.
In addition, the continued evolution of cloud services and
applications offers a potentially limitless number of locations
where both personal information and House data may reside.
Being able to quickly deploy and take advantage of new
technologies while also ensuring that processes are in place to
manage information security is both critical and an immense
challenge.
Chairperson Lofgren, I wish to thank you, Ranking Member
Davis, and Members of the Committee for the opportunity to
appear before you today. I want to assure you that will we
continue to provide our unbiased and independent assessment of
risk, provide data-driven analysis, and offer practical
recommendations to improve the effectiveness and efficiency of
House operations.
At this time, I would be happy to answer any questions you
have.
[The statement of Mr. Ptasienski follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairperson. Thank you very much.
And thanks to all of you, not only for your good work for
this institution but for your testimony today.
Now is the time when members of the Committee may ask
questions of the witnesses, and I am going to turn first to the
gentlelady from California, Mrs. Davis.
Mrs. Davis of California. Thank you very much, Madam
Chairperson.
And thank you for all of you who make the House a better
place for those who work here and, of course, those who visit
here as well.
My question is for Ms. Johnson and Mr. Kiko. I appreciate
very much your willingness to work with me on an idea that we
have had in my office to modernize the way that we add
cosponsors to bills.
As you all know very well, legislative staff and interns
are constantly calling and emailing around for cosponsors and
running signed cosponsor sheets to the Capitol when, in fact,
they certainly could be doing other probably more important
work. The processing of lists of names takes several hours of
Clerk staff time as the cosponsor sheets are handwritten and
can be easily misread.
So there is really no good reason for our co-sponsorship
process to be like this in 2019. It is neither efficient nor
secure considering that there about 135,000 co-sponsorships
every Congress, saving time here could certainly free up many
hours of legislative and Clerk staff hours.
I propose that we develop a new electronic system that
would provide offices with a checklist of bills that they can
sign on to and bill sponsors with a way to collect names and
let others know their bills are open for cosponsors. An online
system could increase efficiency and accountability, as there
would be an electronic record of authorized staff signing on to
bills.
The creation of such a system would not be difficult but it
certainly would require collaboration between the Clerk's
Office and the CAO's Office. I wonder if each one of you, Ms.
Johnson and Mr. Kiko, if you could tell me how you suggest we
proceed and how the Committee can best support you as we
explore this idea. What do you see as the next steps?
Ms. Johnson.
Ms. Johnson. I would recommend that we begin talking to the
Parliamentarian's Office to make certain that we don't in any
way impose on the integrity of the current system, which I
don't see as a problem. We have started talking to our
legislative computer people, and they are certain they can
develop software to make certain this process is carried out
efficiently.
I think it is a matter of changing the culture of the
Members because they are very accustomed to doing it the old-
fashioned, manual way. It would certainly benefit the Clerk's
Office. We spend about 5 hours daily each day that we are in
session between collecting the cosponsors, calling the offices
back to make certain that the names are correct, and, even
after that, just putting the data into the system of all the
cosponsors. It is very, very time-consuming.
The Clerk's Office prides itself on reliability and
efficiency, and so we will look into it and just make certain
that nothing is lost in the process.
Mrs. Davis of California. Thank you.
Mr. Kiko, did you want to comment?
Mr. Kiko. We would be willing to assist the Clerk on the
technology aspects if they need it.
I know from my own personal--and I guess some of this is
about, you know, figuring out a way, on your idea, just to
validate what is currently already happening. Obviously, staff
is making calls, you know, putting people on. Maybe that would
be really critical, to make sure the validation process up
front is correct.
And so that is how I see it. I have worked on a personal
staff before and I can attest to how difficult the process is
and how it is time-consuming. We would be willing to assist the
Clerk in any way we could.
Mrs. Davis of California. Thank you very much. I appreciate
that.
Madam Chairperson, I certainly know how much time it takes
in our offices. I had no idea how much time it took in the
Clerk's Office.
The Chairperson. Thank you very much, Mrs. Davis.
I turn now to the other Davis on the Committee, the Ranking
Member, Mr. Davis.
Mr. Davis of Illinois. Thank you, Madam Chairperson.
And hello, Mr. Kiko. How are you today?
Mr. Kiko. I don't know. I will tell you at the end of this
hearing.
Mr. Davis of Illinois. I see you brought your entourage
back too. Mr. Clocker is having flashbacks to his time spent
here.
Phil, what do you see as the biggest technology challenges
that Member offices face right now?
Mr. Kiko. I think with regards to technology, it has to do
with the interface sometimes with the Finance Office on how we
interface on voucher processing. I think it has to do with an
interface also just with regards to the computer requirements
that we have, with regards to the IT requirements that we have.
I think that the challenge is basically because there is a
tension between security with regards to our whole technology
system that we have, and then we have these many devices that
Members have and it is not a very centralized function. And I
think there is frustration sometimes on the interaction on IT
things with regards to the CAO's Office.
Mr. Davis of Illinois. Okay.
Mr. Kiko. Does that make sense?
Mr. Davis of Illinois. Yes. I wanted to get your opinion on
that. You certainly had to listen to mine sometimes and we did
last week. We had a great conversation on the technological
backbone of HIR and how do we create more competition within
our CMS systems to be able to help get Member offices the most
up-to-date technology to be able to communicate with our
constituents. I look forward to working with you and your team
on those issues.
Mr. Kiko, it is my understanding that last year the CAO's
Finance Office was reviewed by an outside consulting firm. What
were the recommendations from that study and when will they be
implemented? And, most importantly, how are they going to help
Member offices?
Mr. Kiko. Well, I think the recommendations--there were
about 30 recommendations that had to do with a lack of written
processes for the CAO operation. And they took a deep dive into
everything we did. I think that we are to implement the
recommendations and the processes--there were several, like 200
or 300, process recommendations in addition to other
recommendations.
And we are supposed to have those implemented by the end of
this year. I do think that it will tell employees in the
various operations what they are supposed to do and how they
are supposed to do it, written down rather than just in
somebody's head and ``this is the way we have always done it.''
Mr. Davis of Illinois. Okay.
And I mentioned the Member offices. You and I and your team
have gone through an office of finance review process. We
updated some of the categories a few years ago. Thank you for
your work.
Obviously, you know my viewpoint is, I view the CAO and the
Office of Finance as somewhat of an insulation point for
Members. I want to make sure you know that this Committee, all
of us on this Committee are hoping to work with you to make
sure that Members don't ask for things that get Members in
trouble. We want to make sure that you have the tools that you
need.
And that is why I am most concerned--and we can talk later.
I want to know how these changes are going to help Member
offices too----
Mr. Kiko. Right.
Mr. Davis of Illinois [continuing]. Not just help the
Finance Office. Because we want to make sure--it is not just
about voucher times, processing times. It is, what the end
result? How are your processes going to make it easier for
Member offices to work in conjunction with the Office of
Finance?
Any comment there?
Mr. Kiko. No, I mean, I am trying, especially on the
voucher processing, on making the processing time shorter.
Mr. Davis of Illinois. I understand that, but that
shouldn't be our only focus. The voucher processing time is not
the only focus.
Mr. Kiko. Right.
Mr. Davis of Illinois. That is, you know----
Mr. Kiko. Well, I think, overall, we are going to have more
integrity in the system, and we are going to be able to rely on
the system.
But with regards to, you know, the finance audit, we have
been doing okay with regards to the auditors. But we need to do
better, I agree, with regards to how we interface with Member
offices and make things better and faster and less
bureaucratic.
Mr. Davis of Illinois. Thank you.
Mr. Irving, thanks for your badge implementation. I don't
have enough time, so I have to skip you.
Ms. Johnson, quick question. What steps is OHEC taking to
proactively reach out and educate Members about best practices
in workplace rights?
Ms. Johnson. We have a series of trainings. We are working
in conjunction with the CAO's Office in training chiefs of
staff, and we also offer trainings to Members on workplace
rights.
Mr. Davis of Illinois. Okay. Thank you.
The Chairperson. Thank you very much.
I would like to recognize the gentleman from North Carolina
for his questions.
Mr. Butterfield. Thank you very much, Madam Chairperson.
And let me say good morning to all of you and thanks very
much for your testimony today.
In my prior life, I was a judge for some 15 years, and I
would show up in superior court every Monday morning and have a
courtroom full of people and full of defendants and full of
lawyers, but I could not do my work without the court
personnel. I was useless as a judge. As Members of Congress, we
are--I am not going to say ``useless,'' but we are marginalized
unless we can have the support of men and women like
yourselves.
I want to thank you very much for the incredible work that
you do on behalf of all of us. And not just you. You are at the
top of the chain, but you have many, many people who work with
you and for you who give of themselves every day. I just want
to ask you to extend to them our appreciation for all the work
that they do.
This is serious work that we do here in Washington. We all
know that. The Sergeant at Arms, I have really developed an
appreciation for the incredible role that your office plays in
the life of Members of Congress. I am not sure that the newer
Members of Congress really understand and appreciate the depth
of the work of the Sergeant at Arms, and, hopefully, as the
years go on, they will develop an appreciation for it, as I
have done.
I am always looking for ways to increase Member security
without being ridiculous, and there is a fine balance between
that. You know, whenever Members have an emergency in their
lives--and we have known some over the last few years--we
become very attuned to the risks that we face, but as time goes
on, that kind of wanes and we kind of relax.
Many of us are from rural communities. I have 14 counties
in my district. Some are urban; some are rural. I find myself,
from time to time, on back roads late at night all alone,
sometimes with staff, sometimes without staff. Sometimes the
cell phone works, and sometimes it doesn't work.
I guess what I need to ask you, is there technology in
place where you can locate a Member if there is an emergency? I
know the technology exists. I mean, right on our phones, we can
enable our devices to allow designated people to know where we
are. And if we were to call you in an emergency, would you be
able to--I know the police can do it as well. Can you identify
where we are?
Mr. Irving. Congressman, it is a great question. The
technology does exist. We do have a system in place. It is a
matter of us working closely with the individual Member so the
Member is okay with us tracking their movements. That is the
key. Is the Member authorizing us to----
Mr. Butterfield. Do Members know that? Do Members know that
that capacity exists, that that technology exists? Because I
would be delighted for the Sergeant at Arms and the Capitol
Police to be able to know my location in case of an emergency.
Mr. Irving. It certainly is an ongoing education to the
Members. I will say that Members all have cell phones, or most
have cell phones, and with those cell phones we can track. We
do have everyone's contact information so we do have the
ability to certainly track them. Again, it is just a matter of
ensuring that they are okay with that service.
Mr. Butterfield. Sure. But please--and I know you are going
to do this, but please continue to remind Members of the
incredible security risk that all of us face every day.
I think we heard from one of the other gentlemen about the
hackers, the thousands and thousands of attempts being made
every hour, I suspect, of people trying to infiltrate the
workings of the House.
To Mr. Kiko, I didn't realize the severity of the bad
actors--and I guess they are not just domestic; they are
international as well--who are constantly trying to hack into
our systems. Would you repeat that data again? I was caught by
surprise. I knew it was a serious problem, but I didn't know
the magnitude of the problem.
Mr. Kiko. Well, in just 1 month--I will read my statement--
--
Mr. Butterfield. Yes.
Mr. Kiko [continuing]. The CAO blocks an estimated 1.6
billion unauthorized----
Mr. Butterfield. Are you saying ``billion,'' ``B''?
Mr. Kiko. Yes.
Mr. Butterfield. Billion?
Mr. Kiko [continuing]. Probes, scans, and connections and
300 million to 500 million cyber-attacks each month.
Now, you know, on the first----
Mr. Butterfield. Is the trend line increasing, or is it
flat?
Mr. Kiko. It is increasing.
Mr. Butterfield. It is increasing by the year.
Mr. Kiko. It is increasing. It is getting more intense and
the actors are getting more sophisticated. The trick is for the
CAO to stay ahead. We try to stay ahead of the curve. We have a
lot of ways to try to block things from coming in.
Mr. Butterfield. I would suspect your office interfaces
with the CIA and the FBI and the----
Mr. Kiko. Yes, we interface with all the law enforcement
agencies, correct.
Mr. Butterfield. Even at the State level.
Mr. Kiko. At the State level if we need to, yes.
Mr. Butterfield. Okay.
In your testimony to the Legislative Branch Appropriations
Subcommittee, you mentioned $2 million in savings was realized
from district office upgrades. Is that accurate?
Mr. Kiko. Yes. And it has to do with the technology for
VoIP, you know, and replacing it--you know, not replacing VoIP,
but having a better, cheaper system in district offices than
what they have. We have been working our way through that with
new Members. So, overall, it has been a cheaper system.
Mr. Butterfield. Again, thank all of you for your
incredible work.
I yield back.
The Chairperson. Thank you.
The gentleman from Georgia is recognized.
Mr. Loudermilk. Thank you, Madam Chairperson.
I appreciate all of you, what you are doing, and the time
you are spending with us today.
Security, Mr. Irving, has been a key issue for your office
especially over the past few years. We have had even some
classified briefings on the increased security threats. Many of
us have lived through some of those, like you and I. I like
you, but I never wanted to spend this much time with you on an
official basis.
But a couple of questions. I remember not long after the
baseball shooting that Mr. Davis and I were out there on the
field with, the policy was changed, apparently, where if there
was a significant number of Members together that we were going
to get security. Are we still doing that?
Mr. Irving. Yes. Absolutely.
Mr. Loudermilk. Is there a magic number or formula that we
use for that or----
Mr. Irving. No. We ask Members to let us know when they are
off campus----
Mr. Loudermilk. Okay.
Mr. Irving [continuing]. And let us make the determination.
Frankly, I would rather know when Members are off campus and
make that decision.
Mr. Loudermilk. Okay. All right.
You also mentioned that you are enhancing local security
back in the districts for different events and coordinating
with law enforcement, and you mentioned even having Capitol
Police potentially come. What is the trigger mechanism to
determine when you are going to bring a Capitol Police Officer
in the district?
Mr. Irving. A host of factors. We first will solicit local
law enforcement support. They are the ones who can respond the
quickest and have the most assets in the district.
Mr. Loudermilk. Right.
Mr. Irving. If we feel comfortable with local law
enforcement support, we will leave it at that.
If for some reason local law enforcement cannot support the
Member event, then I will authorize the Capitol Police to
deploy to the district, again, depending on the event and
whether I see the risk is such that we need to send additional
law enforcement.
Mr. Loudermilk. Okay.
The other question is regarding the implementation of the
enhanced screening in the parking lot that is going to be done
this year--or in the parking areas.
What changes would we see, operationally, for us? I mean,
would that put us in a situation where access to the Capitol is
more like it is in Senate? Or will we have fewer areas of
ingress into the building from the parking areas? If you could
just kind of touch on what changes we would see after this is
implemented.
Mr. Irving. Yeah, the real positive change I see is that
the screening on the House side will be similar, almost
identical, to what we see on the Senate side, which is no
magnetometer screening from the Capitol to the Senate office
buildings.
Mr. Loudermilk. Okay.
Mr. Irving. I foresee a day where there is no magnetometer
screening and much more free flow of staff. Members, obviously,
bypass the magnetometers, but much more of the free flow of
staff that are many times with a Member from the House office
buildings to the Capitol.
Now, on the House office building side, there would be some
business process change. As staff enter the garages, we will
ask them to be screened at that point, similar to them
screening from the street. Now, all pedestrians coming into the
House office buildings will be screened, and that will, again,
alleviate the concern of additional screening into the Capitol.
Mr. Loudermilk. The staff-led tours would not have to go
through the magnetometer in the Cannon tunnel per se once it
is----
Mr. Irving. Technically correct.
Mr. Loudermilk. Okay. Thank you. I think that will be a
great enhancement.
Mr. Kiko, you and I have discussed this in the past, and I
just want to ask--and Mr. Irving can weigh in, too, if it is an
area of concern there. Mine is dealing with the district
offices and cyber--not district offices but Members' home
offices and cybersecurity.
I see, coming from the IT background, that one area of
weakness is just someone at home goes to Walmart or any other
business and buys an off-the-shelf router that the password is
``password,'' they put it on with their cable system, and all
of a sudden now somebody driving down the road can get into
their local network.
Is that something that is being addressed? Is there
something to look at best practices or some training of how to
best secure your homes?
Mr. Kiko. Well, I would say that all the practices that we
ask Members to do here on campus are applicable to what you do
at home. You know, whether it is changing passwords, you know,
we will sit down and talk to you about how to best do that. We
have done that with other Members.
We are going to have some kind of a fair coming up, I
think, in a couple of weeks--and I will send that out--where it
is basically a bunch of people in the cyber world meeting with
Member offices on this particular issue. It is Members, you
know, their offices, and these kind of things.
It is basically the same practices that we try to do here,
but it is more difficult with regards to what you do at home.
Mr. Loudermilk. Madam Chair----
Mr. Kiko. Does that make sense?
Mr. Loudermilk. Yeah, it does.
I saw the Inspector General was nodding his head. I didn't
know if you had maybe some comments on that as well.
Mr. Ptasienski. I would agree. The practices that are in
place here at the House would be wholly applicable to Members
working from home or from their offices. Some of the toolsets
that the--if they are using VPN technology to get in, there is
some degree of security that goes in there.
But, also, on the back end, those threats that the Chief
Administrative Officer blocks all the time, they come from a
variety of sources. And now we have many more endpoints than we
used to and IP-enabled devices. So my advice to Members would
be: Be cautious anywhere you are, if you are in a hotel, if you
are at home working. There really aren't safe locations to do
your work.
Mr. Loudermilk. Thank you.
Mr. Kiko. I just want to say one thing. One of the biggest
areas that we have where computers are ruined is people opening
up phishing emails. And that would be one thing at home, which
is hard to do because you get so much, but that would be the
first one. If you don't know who is sending it, don't open it
up.
The Chairperson. Thank you.
The gentleman from Maryland.
Mr. Raskin. Thank you, Madam Chairperson.
Mr. Kiko, let me start with you. It was a pleasure visiting
with you the other day.
I want to follow up on Mr. Butterfield's question about the
numbers of cyber intrusions and attacks we are fending off
every day. I was also staggered by those numbers. I just
couldn't believe we are dealing with hundreds of millions or
billions of attempts a year.
My question is, are we just playing defense on that? In
other words, are we just trying to screen them out? Or do we
actually go after the people who are doing it and attempt to
prosecute cases and figure out where it is coming from?
Mr. Kiko. Well, we are in constant communication with law
enforcement agencies on this matter. As was indicated earlier,
a lot of these are from nation-states, and so that presents a
different scenario and different complications.
But some of it is just, you know, when they do the probes
and they do the scans, and then they will see where some
vulnerabilities are. Then they will try to do the probe, and
then they will try to get in so this is sort of a constant kind
of thing.
We do work with law enforcement where we can, but a lot of
it is just, you know----
Mr. Raskin. Yeah.
Mr. Kiko. It is so hard. A lot of it starts in the dark
web, and, you know, it is just hard.
Mr. Raskin. You have described in your testimony the CAO's
efforts to expand access to cloud services, like Microsoft
Office 365, which would allow Members to access email and Word
documents, Excel spreadsheets, other Members, and so on, all by
using a House-issued device.
And we obviously use a lot of PDF documents here in the
House. That is the standard file format for final legislative
text, for constituent casework. Is there a CAO effort underway
to examine the feasibility of House-wide access to cloud
services that will support PDF documents?
Mr. Kiko. I would have to check on that. Hold on.
The answer is yes.
Mr. Raskin. Good. Okay. Because I think that would----
Mr. Kiko. We will follow up with you on that.
Mr. Raskin. It would make our lives a lot easier. Thank you
very much.
Ms. Johnson, let me come to you. Do you have the resources
and personnel in place to achieve all the goals of your office
that you have developed?
Ms. Johnson. At this time, I do. I certainly have the
resources in place.
My concern is that this area is just such a competitive
technological area, and I concern myself with our salaries
being able to keep up with IT salaries in the area and
particularly with the oncoming of Amazon in the area. About a
fourth of the Clerk's Office work staff is IT. I am just
concerned about the competitive salaries.
Mr. Raskin. I got you. Okay. Well, that is something that
we will keep our eye on, too, then.
And is it true that you are a resident of Maryland's Eighth
Congressional District?
Ms. Johnson. You are my Congressman.
Mr. Raskin. Well, that is wonderful. Well, a special
welcome to you.
I have just a final question for Mr. Irving--a couple
questions.
One, what is the significance of prescreening Members,
staff, and visitors to the Capitol complex, Mr. Irving?
Mr. Irving. We employ the concept of prescreening to
attempt to encounter a problem as far outside an office
building as possible. We don't want the security issue to be
inside. And if our pre-screeners can identify a problem and
hopefully neutralize a problem outside, we feel it puts us at a
far advantage versus, again, inside an existing secure
perimeter.
Mr. Raskin. I got you. You have procedures in place for
that pre-screening process?
Mr. Irving. Yes. And we do this because the campus is so
open. We really attempt to balance the openness of the campus
with security. And one way to put the advantage on our side,
with such an open campus, is to push out our security to be
able to identify things before they get to us.
Mr. Raskin. Okay.
And, finally, Mr. Irving, I think I raised this with you
when you were kind enough to drop by my office. Those of us who
are on the House Administration Committee have two sets of
constituents. One is our constituents back home, and then, by
virtue of being on the House Administration Committee, our
colleagues become constituents, in a way.
And I wanted to ask your help with a recurring constituent
complaint I have gotten from some of my colleagues. And this is
just about the hours of the House garages, specifically the
Cannon garage, where I have heard a number of Members say they
could be waiting 15 or 20 minutes before they leave because
they have to go radio and ask someone else to come over.
I am just wondering whether we could work on extending the
hours of the House garages for Members who work late. I mean,
it seems to me like midnight would be a reasonable time to go.
A lot of Members, you know, will be here for, you know, dinner
meetings and events and late-night caucuses and so on. And I
just wonder whether that is something we might be able to
explore.
Mr. Kiko. Absolutely. We will certainly look into it.
We end up really balancing the number of Members utilizing
those doors with the cost for the Capitol Police to staff them.
But having said that, we want to make sure that every Member
has access to the garage when they need it.
I commit to working with you on that, and I promise I will
follow up.
Mr. Raskin. Thank you very much.
I yield back, Madam Chairperson.
The Chairperson. The gentlelady from Ohio is recognized.
Ms. Fudge. Good morning. Thank you all so much for being
here.
Thank you, Madam Chairperson.
As I have read and listened to your testimony, I really do
see some commonality of purpose between your various offices,
especially as it relates to systems. You are concerned about
your security of the system and the efficiency of the system.
Do you all ever talk to each other about your systems?
Because maybe they could work together better.
Mr. Kiko. We have frequent meetings all the time----
Ms. Fudge. That is great.
Mr. Kiko [continuing]. Among the officers and frequent
meetings with the IG.
Ms. Fudge. The four of you get together on a regular basis?
Mr. Ptasienski. We do talk.
Ms. Fudge. That is great to hear.
Just for each of you, what are the top two things that you
would like to make sure you accomplish by the end of this
Congress? And what do you see as the priority and vision for
your offices for the next 5 years?
Ms. Johnson. I will go first.
I would say one of the top priorities is just to continue
to recruit the best and the brightest staff from a very diverse
pool of highly qualified applicants. We are working--whenever
we have an opening, we are certainly consulting with the new
House Inclusion and Diversity officer as well as working with
minority-serving institutions and HBCUs. Number one is just,
again, to have the best talent available and to recruit and
retain that talent.
And, again, secondly, I would say just being able to be
competitive with salaries. I am just afraid people are not
going to stay unless they are paid a good wage for this area.
Thank you.
Mr. Irving. I would say my two biggest priorities in the
short term for this year would be the garage security project,
to ensure that our House office buildings are within the secure
perimeter, and the second would be to finish our Joint Audible
Warning System to ensure that we have true redundant
communications in the case of an emergency and we need to
evacuate the premises or tell Members to go some other place
other than their office.
In the next 5 years, I would focus on the districts and try
to be more consistent with our protocols in the districts. As
Mr. Butterfield indicated, I would like to ensure better
coordination with all the Members with regard to the tools that
we have at our disposal to keep them safe and ensure that
Members take advantage of all of those tools.
Ms. Fudge. Would that include continuing to put resources
in our MRA for security in our district offices?
Mr. Irving. That would be one, but I don't want to over-
speak on that, but----
Ms. Fudge. Right.
Mr. Irving [continuing]. Yes.
Ms. Fudge. Thank you.
Mr. Kiko. I would say that my biggest priority is to--we
started a strategic plan a year ago, and it is about customer,
process, stewardship, and employee. And if it is successful, it
will basically transform how delivery of services are made to
Members. It will be faster; it will be better.
And so that is sort of what my focus is, as far as in the
next 2 years and beyond. I don't want to just deal with what is
in front of me. I want to have the CAO's office, let's say, at
the end of this Congress, to where it should be for the next 10
years, you know?
And the other one is a focus on professional and engaged
CAO employees. Development of employees, training employees,
upward mobility of employees--it has to do with that.
Ms. Fudge. Thank you.
Mr. Ptasienski. Congresswoman, from my perspective, near
term, some of the things that we are looking at or planning to
look at have to do with technology resiliency and disaster
recovery. It is an area that, with the amount of change and new
technologies being brought into play, making sure that we are
helping validate that the House is as resilient as it needs to
be in case something bad were to happen, be it natural,
unintentional, or deliberate or outside.
I think, longer term, I share some of the same concerns as
the House officers, and that is making sure that the House--
that we can get the talent that we need for our positions. As
the Clerk noted, you know, with Amazon moving across the river,
again, it is an additional entity that we will be competing
with for talent, and particularly in technology areas. Making
sure that we bring in the right people and can retain them and
train them, I think that is a longer-term issue that we are
going to have to continue to address but one that is, I think,
going to become very, very important.
Ms. Fudge. Thank you very much, Madam Chairperson.
The Chairperson. Thank you very much.
Just a couple of closeout questions.
First, thank you all for your testimony and for what you
have done here today.
Looking at what the House institutionally has to offer
Members and what Members understand about that is sometimes
disconcerting. For example, HIR technology partners, I think,
only has about 30 Member offices, if I have been told
correctly, and yet it is--I have used it, it is a very
efficient service and Members are spending money needlessly for
outside vendors.
So the question, Mr. Kiko, is, how aggressively are we
marketing--I guess, is that the right word?--to Member offices
the IT service support? Are there cybersecurity benefits to
having more Member offices supported exclusively by the HIR
technology partners? And if so, what are we doing to increase
the uptake?
Mr. Kiko. Well, we do have a marketing team, and we are
going to be marketing those kind of services.
I think that, in the past, some of those services have not
been very well-received. And I am not going to judge that, but,
you know, once you get off on the wrong foot, sometimes it is
basically hard to dig yourself out.
So what we are trying to do is increase, you know, the
training, increase the people that we hire, increase how they
interact with Member offices. And we are pitching the service
with the customer advocates, you know, that we have hired to
circulate around the Member offices.
I am sort of hoping the combination of all those will be
better, because I think, from a security perspective, we would
prefer that our people be working on the system.
The Chairperson. I would love to work with you on that, and
sometimes Members can market to other Members. But if we are
going to do that, I think we are going to need to incorporate
the feedback from Members and then to you for corrections if
there are things that people are unhappy with. You only get one
chance to make a first impression.
Mr. Kiko. That is right.
The Chairperson. On the cyber issue, our policy is that
critical updates have to be installed within 10 days, which I
think is actually a pretty long--too long a time, and that
noncompliance will result in disconnection from the House
network. That is, I think, our policy.
Has that been enforced? And if so, how quickly? And what
has been the feedback?
Mr. Kiko. Well, I think that I would have to defer, you
know, on this, but it is my impression from what I know that we
try to enforce those policies, but sometimes it is very
difficult to enforce policies, especially dealing with a bunch
of Member offices, and there is a lot of noncompliance.
And what we are trying to do on some of this stuff is, if
we move into the cloud, we can automatically----
The Chairperson. You do it yourself.
Mr. Kiko [continuing]. Do it ourselves. And then that takes
that off the table.
The Chairperson. I am going to follow up on an issue we
have been working with you on. The National Institute of
Standards and Technology is the gold standard on technology in
the Federal Government. And they apparently have suggested
that, instead of changing passwords constantly, it would be
better to have an extremely long and complicated and secure
password that is not necessarily changed a lot.
And you can go into any office and you will find by the
Member's computer the password written down because they can't
remember it. I think, you know, human behavior being such, we
have been looking to move to that. Where are we on that?
Mr. Kiko. Well, I think recently we have changed, you know,
the passwords to six characters, and you are only going to have
to change them once a year.
And once we implement the multifactor, you know, in the
next couple of months with regards to mobile devices, and once
we move to it, you know, at the end of the year so everybody
can access it from their mobile devices and their desktop, I
think that you could have that long password at the beginning
when you enter it in but then, after that, you are not going to
have that.
The Chairperson. Very good.
Mr. Kiko. That would be the way to go. But we can engage
you further on that.
The Chairperson. That would be great. And it is one of the
things that Members complain about, constantly changing it.
And, really, because of human behavior, you end up with a less
secure system because of people, you know, sending emails with
``password'' as the----
Mr. Kiko. Correct.
The Chairperson [continuing]. Tagline.
Mr. Ptasienski, in your answer to one of the questions--I
think it was, what is your, kind of, work effort for the coming
year--you talked about the IT strategies.
When was the last time the inspector general did an IT
analysis of the House? And do you think that is something that
would help us improve our IT landscape?
Mr. Ptasienski. We are constantly looking at various
aspects of IT within all the House officer organizations. With
Mr. Kiko and his organization, we spend a lot of time with HIR.
I am not sure if you mean holistically how we handle IT or
what aspect you may be concerned with, but I am more than open
to working with you and the staff to--if there are some
specific concerns or areas, we can definitely----
The Chairperson. Great.
Mr. Ptasienski [continuing]. Look into those.
The Chairperson. I will just close with this. Rather than
get the answer here today, I am wondering if I could ask you to
submit to us your progress on diversity in hiring, what your
plan is.
As you know, we are establishing a diversity office here in
House Administration. But one of the things we want to make
sure is that, you know, the employees of the House look like
America and that we have made every effort to make sure that we
have an excellent and diverse workforce.
And if you could, offline, submit what you are currently
doing, what your plans are in that regard, it would be greatly
appreciated. And then we will have an opportunity to have a
further dialogue.
And with that, I see I am the only member of the Committee
left, so I will thank you for being here today and note that we
will adjourn. Thank you.
[Whereupon, at 11:09 a.m., the Committee was adjourned.]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
[all]