[House Hearing, 115 Congress] [From the U.S. Government Publishing Office] REVIEWING CHALLENGES IN FEDERAL IT ACQUISITION ======================================================================= JOINT HEARING BEFORE THE SUBCOMMITTEE ON INFORMATION TECHNOLOGY AND THE SUBCOMMITTEE ON GOVERNMENT OPERATIONS OF THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM HOUSE OF REPRESENTATIVES ONE HUNDRED FIFTEENTH CONGRESS FIRST SESSION __________ MARCH 28, 2017 __________ Serial No. 115-4 __________ Printed for the use of the Committee on Oversight and Government Reform [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Available via the World Wide Web: http://www.fdsys.gov http://www.house.gov/reform ______ U.S. GOVERNMENT PUBLISHING OFFICE 25-715 PDF WASHINGTON : 2017 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Publishing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 Committee on Oversight and Government Reform Jason Chaffetz, Utah, Chairman John J. Duncan, Jr., Tennessee Elijah E. Cummings, Maryland, Darrell E. Issa, California Ranking Minority Member Jim Jordan, Ohio Carolyn B. Maloney, New York Mark Sanford, South Carolina Eleanor Holmes Norton, District of Justin Amash, Michigan Columbia Paul A. Gosar, Arizona Wm. Lacy Clay, Missouri Scott DesJarlais, Tennessee Stephen F. Lynch, Massachusetts Trey Gowdy, South Carolina Jim Cooper, Tennessee Blake Farenthold, Texas Gerald E. Connolly, Virginia Virginia Foxx, North Carolina Robin L. Kelly, Illinois Thomas Massie, Kentucky Brenda L. Lawrence, Michigan Mark Meadows, North Carolina Bonnie Watson Coleman, New Jersey Ron DeSantis, Florida Stacey E. Plaskett, Virgin Islands Dennis A. Ross, Florida Val Butler Demings, Florida Mark Walker, North Carolina Raja Krishnamoorthi, Illinois Rod Blum, Iowa Jamie Raskin, Maryland Jody B. Hice, Georgia Peter Welch, Vermont Steve Russell, Oklahoma Matt Cartwright, Pennsylvania Glenn Grothman, Wisconsin Mark DeSaulnier, California Will Hurd, Texas John Sarbanes, Maryland Gary J. Palmer, Alabama James Comer, Kentucky Paul Mitchell, Michigan Jonathan Skladany, Staff Director Rebecca Edgar, Deputy Staff Director William McKenna, General Counsel Julie Dunne, Senior Counsel Kiley Bidelman, Clerk David Rapallo, Minority Staff Director Subcommittee on Information Technology Will Hurd, Texas, Chairman Paul Mitchell, Michigan, Vice Chair Robin L. Kelly, Illinois, Ranking Darrell E. Issa, California Minority Member Justin Amash, Michigan Jamie Raskin, Maryland Blake Farenthold, Texas Stephen F. Lynch, Massachusetts Steve Russell, Oklahoma Gerald E. Connolly, Virginia Raja Krishnamoorthi, Illinois ------ Subcommittee on Government Operations Mark Meadows, North Carolina, Chairman Jody B. Hice, Georgia, Vice Chair Gerald E. Connolly, Virginia, Jim Jordan, Ohio Ranking Minority Member Mark Sanford, South Carolina Carolyn B. Maloney, New York Thomas Massie, Kentucky Eleanor Holmes Norton, District of Ron DeSantis, Florida Columbia Dennis A. Ross, Florida Wm. Lacy Clay, Missouri Rod Blum, Iowa Brenda L. Lawrence, Michigan Bonnie Watson Coleman, New Jersey C O N T E N T S ---------- Page Hearing held on March 28, 2017................................... 1 WITNESSES Mr. David A. Powner, Director, IT Management Issues, U.S. Government Accountability Office Oral Statement............................................... 6 Written Statement............................................ 9 Mr. Richard A. Spires, Chief Executive Officer and Director, Learning Tree International, Inc. Oral Statement............................................... 33 Written Statement............................................ 35 Mr.Venkatapathi Puvvada, President, Unisys Federal Systems, and Board Member of the Professional Services Council Oral Statement............................................... 44 Written Statement............................................ 46 Mr. A. R. Hodgkins, III, Senior Vice President, Information Technology Alliance for Public Sector, Information Technology Industry Council Oral Statement............................................... 63 Written Statement............................................ 65 Ms. Deidre Lee, Director, IT Management Issues, and Chair of Section 809 Panel Oral Statement............................................... 78 Written Statement............................................ 80 APPENDIX Questions for the Record for Mr. David Powner, submitted by Ms. Kelly and Mr. Connolly......................................... 94 Questions for the Record for Mr. Richard Spires, submitted by Mr. Hurd, Mr. Meadows, and Ms. Kelly............................... 101 Questions for the Record for Mr. Venkatapathi Puvvada, submitted by Mr. Hurd, Mr. Meadows, Ms. Kelly, and Mr. Connolly.......... 122 Questions for the Record for Mr. Trey Hodgkins, submitted by Mr. Hurd, Mr. Meadows, Ms. Kelly, and Mr. Connolly................. 131 Questions for the Record for Ms. Deirdre Lee, submitted by Mr. Hurd, Mr. Meadows and Ms. Kelly................................ 142 REVIEWING CHALLENGES IN FEDERAL IT ACQUISITION ---------- Tuesday, March 28, 2017 House of Representatives, Subcommittee on Information Technology, joint with the Subcommittee on Government Operations, Committee on Oversight and Government Reform, Washington, D.C. The subcommittees met, pursuant to call, at 2:04 p.m., in Room 2154, Rayburn House Office Building, Hon. Will Hurd [chairman of the Subcommittee on Information Technology] presiding. Present from Subcommittee on Information Technology: Representatives Hurd, Issa, Russell, Kelly, Connolly, and Krishnamoorthi. Present from Subcommittee on Government Operations: Representatives Meadows, Blum, Hice and Connolly. Mr. Hurd. The Subcommittee on Information Technology and the Subcommittee on Government Operations will come to order. And without objection, the chair is authorized to declare a recess at any time. We are expecting a vote series at three o'clock, so we will get through as much as we can in this hour. I want to say, first off, good afternoon and welcome. This is the first IT Subcommittee of the 115th Congress. I am pleased to have my friend and colleague Robin Kelly at my side once again as the ranking member. In the 114th Congress, the subcommittee held hearings on a wide variety of technology issues, including encryption, cloud computing, health IT, the Federal IT workforce, and the cybersecurity of our election systems, among many others. We worked to establish a tone and a culture of bipartisanship on the subcommittee, and I am excited to work with the ranking member on a host of additional issues this Congress. This is also the first of what I am sure will be many joint subcommittee hearings between the IT Subcommittee and the Subcommittee on Government Operations. I have appreciated working with the Government Operations Subcommittee, Mr. Meadows and Mr. Connolly on the FITARA scorecard and the DATA Act and on numerous other issues. Reforming our outdated acquisition laws and regulations to reflect the realities of commerce in the digital age is a priority for this subcommittee this Congress. Today's hearing will set the foundation for additional, more targeted oversight. It is time that we align the best practices of industry with the Federal Government when it comes to IT acquisition and deployment. The stated purpose of the Federal acquisition system is to, and I quote, ``to provide the Federal Government with an economical and efficient system,'' end quote, to procure goods and services. Today, the complexity of the Federal acquisition system fails to meet this objective. Some examples: As of July 2014, the Federal Acquisition Regulation, or FAR, had over 2,000 pages. In addition to the FAR, individual agencies have supplemental acquisition regulations, guidance, instructions, and policy directives. For example, GSA has the GSAM, GSA acquisition manual; and DOD has Instruction 5000 on operation of the Defense Acquisition System. And there have been multiple executive orders imposing additional requirements on the private sector, further increasing compliance costs. It is no wonder that the number of first-time Federal vendors has fallen to a 10-year low down from 24 percent in 2007 to only 13 percent in 2016. And penalties for even inadvertent violations of this morass of red tape can be steep, including audits, lawsuits, multimillion-dollar settlements, inspector general investigations, and bad publicity. Companies of any size who may initially have an idea or product of use to the Federal Government get discouraged trying to navigate the red tape and direct their energies elsewhere. Startups often don't even try. They can't afford the lawyers. These inefficiencies are costly to American taxpayers and prevent innovative technology from being property utilized in the Federal Government. Yet with great challenges come great opportunities. Reforming our acquisition system so that the Federal Government can properly adopt a buy, not built, approach will result in cost savings, technological advancement, and improved security for our Federal systems. I thank the witnesses for joining us here today, and I look forward to their testimony. Mr. Hurd. I would like to now recognize Ms. Kelly, the ranking member of the Subcommittee on Information Technology, from the great State of Illinois for her opening statement. Ms. Kelly. Thank you, Mr. Chairman. And I look forward to another two years of great productivity from our very bipartisan committee. And thank you, Chairman Meadows and Ranking Member Connolly, for your continued leadership and partnership as our subcommittees continue working together to improve how Federal agencies manage their information technology projects. The Government Accountability Office's 2017 high-risk report makes clear the continued challenges agencies are facing when managing their IT acquisitions. GAO states, and I quote, ``Federal IT investments too frequently fail or incur cost overruns and schedule slippages while contributing little to mission-related outcomes.'' GAO's report highlights the need for President Trump's administration to strengthen, not hinder, IT acquisition reform. The President's action and inaction in certain key areas is likely to have the opposite effect and threaten to undermine agency efforts to improve in their management of IT investments. First, on January 23rd, 2017, President Trump issued an order freezing Federal employee hiring. GAO has reported in the past that hiring freezes have, and I quote, ``disrupted agency operations and in some cases increased cost to the government.'' A hiring freeze impairs the ability of agencies to attract new and talented computer programmers and engineers that could help close any of the skill gaps currently existing at the agencies. It will likely exacerbate rather than remedy the challenges agencies report facing when it comes to hiring the most skilled tech-savvy workforce, making these agencies not only less productive but less effective. Second, the President's continued delay in filling key IT leadership positions deprives the government of the leadership commitment needed to carry out IT acquisition reform. Notably, to date the President has not named a new Federal chief information officer to replace Tony Scott, who departed from the position earlier this year. As GAO's high-risk report makes clear, having a Federal CIO in place is critical to ensuring that agencies are being provided the necessary guidance to improve in their management of IT investments. Nor has the President nominated a director of the Office of Personnel Management, an agency that plays a critical role in securing highly sensitive information and background data on over two million Federal employees. Last month, this committee sent a bipartisan letter to the President urging him to, and I quote, ``nominate without delay a highly qualified director to lead the Office of Personnel Management.'' To date, the President has not acted in response to this committee's request. Finally, it is unclear whether the Trump administration will follow through with issuing critical guidance that would assist agencies in improving the scope of cybersecurity protections in Federal acquisitions. This guidance was first developed under the Obama administration and reportedly close to being finalized by the Office of Management and Budget last year. Earlier today, myself along with Chairman Hurd and Ranking Member Connolly, wrote to OMB to request information on the status of issuing this important guidance. We look forward to receiving OMB's response. I want to thank the witnesses for testifying today. We have a lot of work ahead to improve upon our Federal IT acquisition processes. Your expertise and recommendations will be invaluable to our committee as we examine ways in which to help the Federal Government improve in its management of IT acquisitions and operations. Thank you much, Mr. Chair. Mr. Hurd. Thank you. I now recognize Mr. Hice, the vice chairman of the Subcommittee on Government Operations, for his opening statements. Mr. Hice. Thank you very much, Mr. Chairman. It is an honor to be here with you and with Ranking Member Ms. Kelly and Mr. Connolly, ranking member of the Government Operations Subcommittee. This whole issue of Federal acquisition system is complicated, slow to deliver, does not encourage innovation. I have got a quote here that I would like to read. It says, ``The Federal Government continues to operate old, obsolete computer systems while it has wasted billions of dollars in failed computer modernization efforts. Replacing antiquated computer systems has met with little success because of poor management, inadequate planning, and an acquisition process that is too cumbersome to competitively purchase computer technology before it is obsolete. Efforts by the government to provide greater efficiency and service to the American people will certainly fail unless the process for buying information technology is improved.'' Now, any of us could probably take a stab at who made that statement. It certainly applies incredibly to our situation today, but that is a quote from 1994, a report by then-Senator Cohen called ``Computer Chaos: Billions Wasted Buying Federal Computer Systems.'' This state of affairs has led to what is widely known as the Clinger-Cohen Act of 1996 to improve the way the government bought IT. There certainly has been progress since 1996, but today, we face similar challenges in the IT acquisition process. Large Federal Government IT investments can take years to execute while private sector rewards speed and innovation. William Lynn, former DOD Deputy Secretary, estimated that the Pentagon can take 81 months to develop and make operational a new computer system once it was funded while the iPhone was developed in just 24 months. It is amazing. The failure to deliver innovation in a timely manner cannot continue. The failure to encourage innovation puts our country at risk in a variety of ways and particularly so in securing our Federal IT systems. We spend over $80 billion annually on IT, but 75 percent of this spending is for legacy IT. This just can't continue. Failure to modernize Federal IT means that we will continue to spend more on outdated IT, and our Federal IT will be subject to security vulnerabilities. This committee has spent significant time making sure that agencies implement the Federal IT Acquisition Reform Act, FITARA, because it does empower agency CIOs to make them more accountable for budget and acquisition decisions. FITARA implementation is a big part of IT acquisition reform, but it will not fix all things wrong with the Federal acquisition system. And that is why I am pleased, Mr. Chairman, to be here today and to hear more from our experts about IT acquisition challenges that they see and what Congress can do to improve the situation. I thank each of our witnesses for being here with us today. I look forward to hearing from you. And with that, Mr. Chairman, I yield. Mr. Hurd. Thank you. I would now like to thank again the witnesses for being here. And I am going to hold the record open for five legislative days for any members who would like to submit a written statement. And I would also like to thank the panelists. This was a rescheduled hearing, and I know, Ms. Lee, you flew up from South Carolina to be here and the meeting didn't happen, but thank you for being here again. I would now recognize our panel of witnesses. And when Gerry Connolly gets here, we will let him do his opening remarks. One of my favorite witnesses--I know I am not supposed to have favorites--but David Powner, director for IT Management Issues at the U.S. Government Accountability Office. Thanks for your leadership at GAO and all that you do. Another person that is not a stranger to this committee, Richard Spires, chief executive officer and director at Learning Tree International, Incorporated; and former CIO for the IRS and Department of Homeland Security. Mr. Venkatapathi Puvvada, or P.V., is the president of Unisys Federal Systems. He also currently served on the Board of Directors of the Professional Services Council. Thank you for being here. Trey Hodgkins, III, another repeat offender, senior vice president for the Information Technology Alliance for Public Sector, ITAPS, which is part of the Information Technology Industry Council. And last but not least, Ms. Deidre ``Dee'' Lee, director of IT Management Issues and the chair of the Section 809 Panel. Previously, Ms. Lee was also a senior procurement official at NASA, DOD, and DHS. Welcome to you all. And pursuant to committee rules, all witnesses will be sworn in before they testify. So please rise and raise your right hand. [Witnesses sworn.] Mr. Hurd. Thank you. Please be seated. And let the record reflect that the witnesses answered in the affirmative. In order to allow for discussion, we would appreciate if you would please limit your opening testimony to five minutes, and your entire written statement will be made part of the record. We will go ahead and go with Mr. Powner and then maybe to Mr. Connolly. Oh, you want to go now. You ready? Mr. Connolly. Whatever the pleasure of the chairman. Mr. Hurd. Well, let's go to Mr. Connolly then. Mr. Connolly, you are now recognized for your opening five minutes before we turn the show over to Mr. Powner. Mr. Connolly. Thank you, Mr. Chairman. And I am sorry I was delayed. I am meeting with a huge number of constituents from APEC. You probably are both experiencing the same. And it just went over. So I am so sorry. Welcome to our panel. And thank you, Mr. Chairman and Ranking Member Kelly and my counterpart Mr. Meadows and good friend, for holding a hearing to examine the challenges we face with respect to IT acquisitions. As I have pointed out before, the Federal Government lags behind the private sector in many if not most aspects of IT modernization and the management of IT investments. As the ranking member on Government Ops here in this committee, I have worked to introduce and pass several types of legislation aimed directly at trying to address those shortcomings, most notably, of course, FITARA, or as it is commonly called, Issa-Connolly. [Laughter.] Mr. Connolly. Connolly-Issa even has a better ring, but I am not going there. That is for you to say, Mr. Powner, not for me. Since the passage of FITARA, our subcommittees have issued three biannual scorecards to ensure that it is properly implemented. As I firmly believe, this legislation will provide agencies with greater support for making the necessary improvements in how they buy and deploy technology. It is rather unfortunate that instead of providing agencies with additional tools to strengthen their management of IT acquisitions, we have a hiring freeze now that would make I think it more difficult for agencies to improve in this area. A talented and highly skilled Federal workforce is needed to tackle the difficult challenge of modernizing Federal IT, and there is a skillset that goes along with that. A hiring freeze does nothing but I think damage agencies in their efforts to recruit and retain individuals with the knowledge, skills, and experience to manage many of today's IT investments. When even the private sector reports facing a critical challenge in hiring qualified IT personnel and cybersecurity professionals, it is difficult to see how a hiring freeze works to our advantage at least in this realm. The irony is the hiring freeze comes at a time when the White House announced just yesterday the creation of a new office, the White House Office of American Innovation. According to the Washington Post, one of the key areas that new office would be responsible for handling would be, and I quote, ``modernizing the technology and data infrastructure of every Federal department and agency,'' something this committee and these two subcommittees have been preoccupied with for quite some time. And, by the way, we welcome that. I mean, that would be great. And if it is Jared Kushner and we can sit down with him and talk about our goals and his goals, I think there is a real opportunity for bipartisan common ground as we have achieved here in this committee. In 1982 the GAO determined that Federal hiring freezes instituted by former Presidents Carter and Reagan were not particularly effective and tended to disrupt agency operations and in some cases even increase cost to government. So we need to be careful. We need to make selective exceptions if we are going to have an across-the-board hiring freeze. And I think IT management and procurement and acquisition is one of them. It is a skillset that is badly needed, and we need to be frankly bulking up with both the modernization of IT management and procurement and on the cybersecurity front. So I look forward to hearing from our witnesses today, glad to be back with my partners, Mr. Meadows, Mr. Hurd, and Ms. Kelly, and look forward to your testimony. Thank you, Mr. Chairman. Mr. Hurd. Thank you, Mr. Connolly. Now, I would like to recognize Mr. Powner for his five- minute opening statement. WITNESS STATEMENTS STATEMENT OF DAVID A. POWNER Mr. Powner. Chairman Hurd, Chairman Meadows, Ranking Members Kelly and Connolly, and members of the subcommittees, thank you for inviting us to testify on Federal IT acquisitions. Failed acquisitions are well documented over the years, and the reasons are clear: unclear accountability, big-bang waterfall approaches, OMB not playing a critical role, agencies' insufficient oversight, and the government's inability to effectively leverage industry. This afternoon, I'd like to discuss practical solutions to each of these areas, many of which are grounded in FITARA. I'd like to start by focusing on a recent IT acquisition success story with the November launch of NOAA's geostationary satellite. Despite some cost overruns and launch delays, this weather satellite is providing images and information that will greatly enhance our nation's weather warnings. I'd like to note that most IT acquisitions do not have this level of complexity and that the Federal Government needs to build off of modernization efforts like this starting with accountability and authorities. In the latest FITARA self- assessments, more than half of the 24 CIOs reported that they do not have complete authority over IT acquisitions. This includes large departments like DHS, Energy, HHS, Transportation, and VA. Only about one-third of the CIOs told us during our ongoing work for this committee that they have the authority to stop any project that is not going well. FITARA has clearly raised the profiles of some CIOs and improved their authorities, but many are still not viewed as part of the executive team. We need to keep making progress on CIO authorities, and this will only change significantly if CIOs have support from Secretaries and Dep Secretaries and solid relationships with CFOs and chief acquisition officers. Otherwise, agencies will continue to make modest progress on their authorities. Turning to incremental development, our ongoing work for this committee shows that about 60 percent of the IT projects are taking an incremental approach, but this percentage is not improving since previous years. FITARA requires that CIOs certify adequate use of incremental development, but our work shows that only three of 24 agencies have a policy to do so. More agencies need a policy, and OMB needs to formalize this process so that more IT projects are tackling these deliveries in smaller increments. Having 40 percent of our IT projects not using an accepted practice is unacceptable. Next, the importance of OMB leadership and the critical role of the Federal CIO. In addition to ensuring that agencies expand on their incremental development efforts, there are three additional areas where OMB can significantly help with the delivery of IT acquisitions. One, OMB needs to follow up on the FITARA self-assessments to ensure that the CIOs progress on authorities is continuing. Two, OMB needs to bring back the tech stat reviews on IT acquisitions to ensure that agency executives can answer to the White House on our nation's most important IT acquisitions. And three, OMB needs to provide to the Congress the list of the top IT acquisitions for the Nation and their current status. Recent history tells us that when OMB is involved with this oversight, progress occurs. It's also fair to say that we've taken some steps backwards on progress in these areas towards the end of the prior administration and with the recent change in administrations. Congress needs to continue to push OMB to play this critical role, and GAO plans to do our part following up on our high-risk area and detailed reviews for this committee. Next, agencies need to bolster the oversight of acquisitions in the IT workforce. We wholeheartedly agree with Mr. Spires' recommendations to strengthen agencies' governance and program management. In addition, our recent work for this committee on how agencies assess and address their IT workforce shows that much work is needed here, including how cyber needs are addressed. We would welcome the opportunity to review all 24 Departments' efforts to assess and address their IT workforce needs. In fact, this could be something incorporated into future scorecards. Finally, the government needs to effectively leverage industry. Two areas to mention are, one, better integrating private sector expertise from teams like USDS and 18F into the Federal workforce more than what was previously done; and two, buying more and building less and going with more cloud solutions and proven commercial products. In conclusion, Federal IT acquisitions need clear accountability tackled in smaller increments, OMB's help, stronger agency management, and better industry partnering to ensure more success. I would like to thank both subcommittees for your continued leadership on Federal IT issues. [Prepared statement of Mr. Powner follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Hurd. Thank you, sir, and thank you for your service. Mr. Spires, you are now recognized for five minutes. STATEMENT OF RICHARD A. SPIRES Mr. Spires. Thank you. Good afternoon, Chairmen Hurd and Meadows, Ranking Members Kelly and Connolly, and members of the subcommittees. I'm honored to testify today in regards to improving IT acquisition. And I wanted to acknowledge the great work and leadership of these subcommittees in addressing the issues of improving Federal IT and in particular your work on FITARA. Since I served as the CIO of the IRS and later at DHS, my experience has given me insights to present practical recommendations that address the issues agencies face in acquiring IT. The reality is that acquiring a commodity item like ordering a telecommunications circuit or buying a laptop is very different than acquiring a new mission-critical system that requires custom software development. We need to look at the various categories of IT acquisitions and address recommendations for improvement for each category. As such, I offer five recommendations that address the range of IT acquisitions that government agencies conduct. Much of what agencies acquire is commodity IT, purchasing that involves little acquisition risk, yet many agencies do not manage their inventory of hardware and software assets well, resulting in both overbuying and not effectively leveraging agency buying power. There are significant near-term cost savings in this category. My first recommendation is that Congress include commodity IT purchase metrics in the FITARA scorecard. The agency's CIO, with the authorities of FITARA, should develop a comprehensive and accurate inventory of all agency commodity hardware and software assets and optimize buying based on agency needs. Further, the agency's CIO should develop enterprise purchasing arrangements for their top IT vendors or, as appropriate, leverage the GSA category management and shared service initiatives. Many IT acquisitions require integration to deliver a new or upgraded service capability. Some of these acquisitions are quite significant and are captured as programs on the OMB IT dashboard. Yet the vast majority of acquisitions are IT projects that are the lifeblood of what an organization does day in and day out. But developing an agency competency in project management takes a lot more than just having certified project managers. An agency needs government staff with the capabilities and skills in numerous disciplines and a culture recognizing the importance of project management. My second recommendation is that the administration and Congress ensure that the Program Management Accountability Improvement Act is properly implemented in agencies. This act, signed into law this past December, can help address the project management issues in agencies but only if there's a sustained effort to build a cadre of government staff with the skills and experience to manage IT projects and programs. As part of significantly improving their overall IT capabilities, agencies need to modernize their IT infrastructure as one of their highest priorities. My third recommendation is that the administration, with congressional oversight, require agencies to implement a modern IT infrastructure over a three-year time frame. Given the advances in IT security, most agencies should skip data center consolidation and move wholesale to the use of a modern FedRAMP-approved cloud-based infrastructure. Agencies should be able to derive 20 to 30 percent savings in IT infrastructure spend. The riskiest IT acquisitions are the large IT application programs that should be on the IT dashboard. I have found that delivering such programs requires a strong collaboration amongst key organizations in an agency, proper skills and a robust governance model to facilitate effective decision- making. Most Federal agencies do not have the institutional maturity to handle large-scale IT programs. My fourth recommendation is that agencies should be measured on their IT acquisition and program management maturity. OMB should mandate the use of an IT management maturity model that can measure agencies against an objective set of standards and best practices. Congress should incorporate key elements of the maturity model into the FITARA scorecard. My final recommendation is that Congress should reintroduce and enact the Modernizing Government Technology, or MGT Act. A key component of this act is the ability for agencies to establish working capital funds that could be used in funding IT modernization initiatives. The budget flexibility should enable agencies to shift resources saved through IT efficiencies into funding new modernization initiatives and enable program managers to more effectively plan and resource a program over multiple fiscal years. These five recommendations, if implemented with sustained focus from the administration with continual oversight from Congress, will substantially improve IT acquisition. The benefits of such changes would be many-fold, providing significant savings in IT spend but more importantly greatly helping agencies to better perform their missions. Thank you. [Prepared statement of Mr. Spires follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Hurd. Thank you, Mr. Spires. But you are burying the lead. I would have led with MGT as the first one. [Laughter.] Mr. Hurd. Mr. Puvvada, you are now recognized for five minutes. STATEMENT OF VENKATAPATHI PUVVADA Mr. Puvvada. Thank you. Good afternoon, Chairmen Hurd and Meadows, Ranking Members Kelly and Connolly, and members of the subcommittee. Thank you for inviting me to testify on behalf of the Unisys Corporation. The subject of today's hearing is critical to moving Federal Government towards IT modernization and leading-edge digital services that facilitate a good interaction between the government and citizens. Unisys is a global provider of industry-focused technology solutions integrated with leading-edge security to clients in the government, financial, and commercial sectors. This breadth of experience has placed our company at the frontlines of tackling significant challenges that come with the technology modernizations. Many of you deserve credit for recognizing the need for IT modernization and for crafting MGT Act in last Congress. We encourage you to do the same in this Congress. In my written testimony, I include statement--I include several key principles and best practices that are widely used during successful modernization initiatives. These include a reliance on commercial solutions, focus on reducing costs, and integrated capabilities to allow services to connect seamlessly. I also highlight private sector best practices of how CIOs can successfully transform their enterprises, for example, by establishing strong connectivity with their unit-level CIOs and CTOs and CSOs. To harness emerging innovations, it's important that the government attract and partner with the best and brightest IT solution providers. This allows us to tap into new capabilities such as service delivery--as service delivery models, agile development cloud computing cybersecurity, and other emerging technology solutions. Today, such partnerships are established through a system that in many cases is time-consuming and driven by processes rather than outcomes. Thus, the challenges to be addressed have as much to do with how the government buys as they do with what the government buys. Ultimately, acquisition is an enabler to agency mission delivery success. Unisys offers a number of recommendations that can improve upon the acquisition system we have today, creating a robustly competitive landscape central to ensuring government access to best-in-class innovations. Recommendations that I expand upon in my written statement include seven of the following: First, reemphasizing the preference for government's reliance on commercial solutions and continuing efforts to remove barriers and streamline processes for acquiring such solutions. Second, broadening consideration of potential vendors' past performance to include work performed for non-Federal clients so that commercial best practices can be brought over. Third, enhancing communication and collaboration within the government and between the government and industry to include improved communication among C-suite executives and one-on-one discussions with potential vendors, as well as meaningful debriefings with the bidders. Fourth, greater reliance by agencies on statement of objective instead of prescriptive statements of work and the adoption of innovation templates that providers--provides vendors with the flexibility to introduce innovations and focus on them. Fifth, encouraging vendors to provide demonstrations of new capabilities and emerging technologies through the performance of a contract. Sixth is focusing on value over price by limiting use of low-price technically acceptable evaluation criteria, particularly where non-commodity services are sought. And seventh, increasing use of downselects and multiple awardee contracts that enable and focus on past performance and capability instead of cost alone. Additionally, to harness innovation and achieve IT modernization goals and digital transformation, agencies must be staffed with an acquisition workforce that is equipped with the right skillsets and supporting resources. Unisys' perspective is that our smartest clients are our best clients. To that end, we encourage investment in the acquisition workforce to bolster capacity to procure IT solutions effectively. Language in FITARA requiring the development of IT acquisition cadres within the agencies is a step in the right direction. Also, shifting leadership mentality that encourages calculated risk-taking in agencies such as DHS is a very positive development. We're supportive of the expansion of the Procurement Innovation Labs across the government. We're particularly impressed by DHS Procurement Innovation Lab and HHS Buyers Club. In summary, we at Unisys believe government can make significant progress in addressing these technology challenges by focusing on investments in modernization, improvement in acquisition, enabling change in management and governance and training. This concludes my oral statement. Thank you. I look forward to answer questions. [Prepared statement of Mr. Puvvada follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Hurd. Thank you, sir. Mr. Hodgkins, you are recognized for five minutes. STATEMENT OF A.R. HODGKINS, III Mr. Hodgkins. Chairmen Hurd and Meadows and Ranking Members Kelly and Connolly, thank you for the opportunity to share our perspectives on challenges the Federal Government faces regarding information technology investment acquisition and management. There are many stakeholders, including these subcommittees, who should be applauded for their time and effort to reform acquisition over the last few years. The technology sector, however, has not found those efforts at reform to have had substantial effect, and in many cases they have only resulted in incremental changes addressing symptoms rather than the root problems of the dysfunctioning government acquisition. The IT Alliance for Public Sector has proposed to President Trump that the time is right to change the way the Federal Government acquires IT, and we would make the same suggestion to the subcommittees. IT modernization is the key to increasing cybersecurity for government networks. Further, acquisition reform is essential to modernized IT in the government and attain greater cyber assurance. In other words, we cannot have cybersecurity without IT modernization, and we cannot acquire the goods and services we need for either of these goals without changing the way we acquire IT. All three are inextricably linked. As this committee has identified, we are using IT systems that are now decades old. Many of the challenges with IT acquisition lie in processes that anticipated lengthy development to deliver a platform or solution for use over a long period of time. But that dynamic no longer works for IT. It capabilities and computing power are evolving and improving faster than the government can follow, underscoring the imperative for change. To deliver these new capabilities, modernized IT and better secure the government's networks, the time is right to reimagine the acquisition process. We recommend four areas of focus for the committee to begin the process of modernization and reform. Number one, assess and inventory the technologies we have today. We do not have a complete picture of the IT hardware and software the government currently owns and is using. Such an action serves several purposes. First, it uncovers exactly what the government owns and is using; second, it determines where vulnerabilities may exist and sets priorities for addressing them; and third, it will reveal what needs modernization and help identify solutions. Congress should use oversight to enforce existing inventory requirements and establish new requirements where there may be gaps. My second point is to identify meaningful funding for IT modernization. Last Congress, ITAPS strongly supported the efforts by Chairman Hurd, Ranking Member Connolly, and others to fashion a bipartisan means of funding IT investment, and we encourage their continued focus on this problem. The funding challenge Congress must resolve is that agencies either have the appropriations to continue operating the IT investments they have already made or fund investments in modernization, but they do not have enough funds for both. Without such a change, the Federal Government will be unable to modernize IT or effectively protect networks and systems from cyber threats. Third, invest in a tech-savvy workforce. While there are many smart and tech-savvy IT personnel within the Federal Government, there are simply not enough of them. Congress should focus on establishing better IT training and digital capabilities for existing personnel to make them more tech- savvy, regardless of their role. Congress should also work to unencumber the Federal hiring process to attract new talent that can bring new ideas into the Federal workforce. My final point is that we should unleash the innovative power of the existing industrial base and the commercial sector. We already have innovation in the companies that sell goods and services to support the government mission, but government's unique compliance requirements on vendors distorts what they can sell and how they can deliver it. For commercial companies, such compliance requirements are often prohibitive. Congress should address these burdens and remove those that do not improve the acquisition outcome or derive better value for the taxpayer. In other words, Congress should help make the government a better customer. Not all of these challenges can be addressed through legislative actions, but many solutions and outcomes can be driven through the oversight role that these subcommittees and Congress can exercise. Additionally, much of what I have identified requires cultural changes, some of which will not be simple and congressional oversight of agency management can help to drive those changes. We did not get where we are overnight, and solutions and modernization will not happen overnight either. However, we can no longer accept that these challenges are too hard to address. I encourage the committee and Congress to embrace and enable IT modernization and all that it can deliver and reimagine IT acquisition with us. We are ready to help with such an undertaking. Thank you again to the chairmen and ranking members and members of the committee for the opportunity to present these thoughts. My submitted testimony addresses these and other related topics, and I'd be happy to address your questions at the appropriate time. [Prepared statement of Mr. Hodgkins follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Hurd. Thank you, sir. Ms. Lee, you are now recognized for your five-minute opening remarks. STATEMENT OF DEIDRE LEE Ms. Lee. Mr. Chairman, Ranking Members, members of the subcommittee, my name is Deidre Lee. I am the chair of the 809 Panel and a retired Federal employee. I submit my statement of the record, and I will summarize for the committee. A little bit of background first on the 809 panel. The panel was established by the fiscal year 2016 NDAA and amended by section 863(d) of the fiscal year 2017 NDAA. The amendments specifically clarified the independence of the panel. The panel, by statute, was authorized to focus on DOD, although, as we all know, what happens at DOD often is reflected across the government. But the main question is, is the acquisition system as we commonly refer to it impacting the ability of the Department of Defense to maintain--obtain and maintain technological dominance, whether that be in our IT systems, our weapons systems, or our back-office systems. How is the acquisition impacting that? Also, specifically in the statute we were to streamline the system, improve efficiency and effectiveness, look at appropriate buyer and seller relationships, and look at the financial and ethical and integrity of Defense programs. It's a big scope. The panel was seated in August of 2016, and we have 18 commissioners, as we refer to them, which are appointed panel members, and they are listed in the--my written testimony, but I will just very briefly go through them: Mr. Dave Ahern, who is a well-known program manager at the Department; Major General Casey Blake, he is the head of Air Force contracting at--currently; Mr. Elliott Branch, I'm sure the committee has seen Mr. Branch. Mr. Branch is the head of the Navy contracting; Al Burman, prior OFPP administrator; David Drabkin, well-versed in GSA and also worked on the Pentagon renovation; retired Vice Admiral Joe Dyer, well-known for his program management; Cathy Garman, a prior staffer on the Hill here; Claire Grady, the current defense procurement and acquisition policy director; Brigadier General Mike Hoskin with the Army who is Army contracting; Bill LaPlante, prior SAE; retired Major General Ken Merchant from the Air Force; Mr. Dave Metzger, who is practicing attorney and is well-versed in protests and those--that realm of our oversight; Dr. Terry Raney; retired Major General Darryl Scott, who is very familiar with contingency contracting, served for us overseas; retired Lieutenant General Ross Thompson, same, Army but contingency contracting; Larry Trowel and Charlie Williams, previously chair of the DCMA. So as you can see, we have a broad group and a lot of work to do here. Our panel has already formed eight teams, and they are statute baseline. We were specifically told to do that and we're doing that. We have streamlined the acquisition process. We're looking at commercial buying. We're looking at barriers to entry, successful programs, information technology acquisition, and budgets, fiscal constraint, and then workforce has been mentioned here. As you know, we do have an IT acquisition team formed a bit--over a month ago so it's too early to give you specific results. And I could and would like to spend a great deal of time talking about what we've found in each committee, but there simply isn't time and that's not the focus of this. We have met with over 100 people, meetings, associations, but I can tell you that there are four recurring themes that we see, and they're covered more in depth in my testimony, but I'm just going to name them here. We--our themes that we see are we need to execute to mission mentioned by almost every one of my prior testimony. We are sometimes more engaged with other nice-to-do but ancillary actions that impede our mission. I think Chairman Hurd covered that quite well. We need to simply everything. Often, we talk about the big programs and the big dollars, but simplifying the little transactions matters, too, and we have just simply too much regulatory underbrush that needs to be cleared out, modernized, updated. We need to value time, and I'm going to go a little bit over what someone said here. It would be nice to turn the technology in three years and completely renovate, but it takes us two years to issue a contract. How are we going to get there? This has got to be reduced. We treat time with disregard and that has to change. And then the last one I'm going to mention here is we need to decriminalize commerce, and we can discuss that further should you care. None of this is new. Our point right here is we need to go bold. The time of nibbling around the edges, making minor adjustments is well past us. What our committee--what our panel is going to come up with is going to be in many cases controversial, and it will probably impact some very specialized groups. The time is now. We're blocking our own ability to reach technology. [Prepared statement of Ms. Lee follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Hurd. Thank you, Ms. Lee. I would now like to recognize Mr. Hice for five minutes of questioning. Mr. Hice. Thank you, Chairman Hurd. I appreciate it a great deal. I think all of us know just based on your testimony there have been a number of failed IT projects in the Federal Government. And many of these projects go on for years and years and years before someone finally steps in and stops the bleedings. And the examples are abundant. One of them that comes to mind is a VA. For years, they tried to develop an integrated financial and asset management system across the agency. In 1998, they made their first attempt at this project. Then, they terminated it six years later in 2004. So 2005 rolls around and they decide to try it again. As recent as 2009, they had planned to deliver a fully operational system by 2014, but all of it was terminated in 2011. That program was $609 million. And the examples are on and on and on. NASA, NOAA, and DOD, $15 billion project that lasted over eight years before it failed. It goes on and on and on and on. So, Mr. Powner, let me begin with you. Why do so many of these projects fail? Mr. Powner. So there are some common themes on all these. The VA systems you talked about, the requirements were poor. They had a very poor schedule. There's also a lack of focus on delivery. The combination of the DOD/NOAA satellite acquisition, we started off on that, requirements weren't good, the complexity was far too much. We finally settled on a satellite that had far less sensors. So this gets back to some basic things that FITARA's trying to do. If these agencies would go smaller in more incremental bites, we would deliver a lot better. It would be easier to define your requirements in smaller increments and deliver in smaller increments. I think that's key. Also, too, with some of these programs there wasn't real clear accountability. I think with what you're trying to do with FITARA where the CIOs are in charge, one of the comments I made in my opening statement is we just recently talked to all 24 CIOs and only eight of them told us that I have the authority to cancel one of these troubled programs. So two- thirds do not have the authority to cancel a troubled program in their department or agency. We still got a lot of work there. Mr. Hice. Okay. So lack of accountability and biting off more than they can chew basically you say. Ms. Lee, let me ask you this, just kind of piggy-backing on what Mr. Powner said, why in the world does it take so long to fail? I mean at some point--does it take eight years to figure out this thing is not working? Does it take $15 billion or--why does it take so long to fail? Ms. Lee. It should not. You know, that's the basis of what are your measures, at what increments, who's looking at these things, how is your contract structured, and the ability--and I think it was very well said--the ability of people to raise their hands, speak up, and say something's not going right and actually have an impact. Mr. Hice. So who is responsible to raise their hand and say something's not going right? Ms. Lee. It certainly depends on the program. If we're talking large programs, there's usually a program manager who's in charge of that, and he's usually--he or she's usually surrounded by a team. Mr. Hice. All right. So the program manager is where the buck stops in your opinion ---- Ms. Lee. In my ---- Mr. Hice.--your testimony, okay. So ---- Ms. Lee. For large programs, for large--some are smaller -- -- Mr. Hice. Well, sure. Yes, but the larger programs I think is primarily what we are zeroing in here. Mr. Spires, you led the IRS Business Systems Modernization back in '04. You have had a lot of experience with all this. In your opinion, why do these projects fail? Mr. Spires. Well, pick up on the themes here but even what some more points on this, it is the program management's-- manager's responsibility and his or her team to drive a program, but what I have found too often in government is that the program manager really is not given the authority, right, many times, and there's not a decision-making, a governance model at the highest levels of the agency to effectively guide and to help the program manager. So I've actually reviewed programs, sir, where you literally have had program managers being pulled different directions by different senior leaders in the organization. That's a recipe for failure. I have found over and over in reviews of programs, probably reviewed more than 100 major programs in U.S. Federal Government that we usually have failure when a combination of not having the skilled program manager and the team that's supporting that program--and I'm talking about government people here. This isn't just about contractors, government people. And we don't also have a good governance model that's set up so you have the right people together to be able to make the right decisions. And time and time again, that's where I've seen failure. Mr. Hice. My time is expired, Mr. Chairman, but there is a real key here with these project managers and a lack of accountability and this whole structure, that there is a major breakdown there. Ms. Lee, your comments about the criminalization of commerce, I would love to hear you go deeper into that situation as we had time. But thank you, and I yield back. Ms. Lee. Mr.--if I may, on one of the things we're seeing from the 809 panel is certainly what was said here about the team around the program manager, but that team has all got to have the same driving goal, which is achieving performance and results. Unfortunately, we are seeing many conflicting goals. Someone who's specialty has--you know, they really have to drive home their test or someone else who's focus is on something else. And that confluence of competing priorities does impact a program. So one of the things we're seeing from a panel standpoint is we may recommend it--we're not at recommendation stage yet-- but to say we need to boldly declare that the purpose of an acquisition system is to buy the right thing timely at the right cost. The other nice-to-do, good-to-do are secondary goals and must be managed as such. Mr. Hurd. Thank you. I would now like to recognize Ms. Kelly for her five minutes. Ms. Kelly. Thank you. It seems the moment you buy the latest smartphone, the next model is already out and twice as powerful as the one you bought before. If this is hard to say current with one personal device, imagine the difficulty of keeping current with the vast information technology portfolio that GAO projects to reach $89 billion this year alone. Ms. Lee, this is a problem you have seen as part of your work on the Section 809 Panel, which you have described to us. How do you think this panel will be different from so many other acquisition reform commissions of the past so that are not simply identifying a problem, which you have done so well and others, but are actively working to solve them? Ms. Lee. Ms. Kelly, that--thank you for that question. One of the things that we've been instructed very clearly from meetings with our constituents and in fact some of the stuff is we want to be more 809 Panel-esque, and if you recall the 809 Panel delivered as part of the report actually line-in, line- out language so that as you deliberate--you the Congress deliberate and say, yes, we think that's a good idea or no, we don't like that one, but we've actually shown you how we believe--if it's statutory, you know, and we are doing the trace-back of all the regulations to the statutory base if there is one. If not, where did it come from? So some of these recommendations may be able to be made regulatorily, but some of them, and a good number of them, do have statutory base. So what we're offering forward in our report will be that detailed last--not last mile, last inch of a report. Ms. Kelly. Thank you. When Clinger-Cohen was passed, the internet was will an emerging consumer technology. The way we use and buy technology has dramatically changed since the mid- '90s and government is relying on a 20th century procurement system to acquire 21st century technology. How can this panel ensure its recommendations are technology-neutral enough to accomplish both today's information technology and whatever may become possible tomorrow? Ms. Lee. Ms. Kelly, my mantra for this panel that gets some people's attention and makes a lot of people nervous is go bold. If we don't give you bold recommendations, we will have missed the mark. And we are looking at things such as that question. Is the competition of the 21st century the same as it was when some of the--when the Competition in Contracting Act was enacting? Maybe competition occurs differently, maybe at a different level, maybe in a different format, which would significantly change how we contract. We are looking at what I call remedies. We have a very robust protest system. Is that the correct remedy approach for both the government and industry? Extremely controversial area. We are looking at and asking ourselves, okay, we have a lot of good socioeconomic policies. Individually, they're all good things to do. Collectively, they're crushing. And we're looking also at the underbrush. We've found some very anecdotal things right now but some, you know, little things that we're putting clauses in contracts and, as Mr. Hodgkins mentioned, a new entrance going--is going what's this? I have to sign up to these 155 things? And oh, by the way, you'll get back to me in two years? We've actually met with some people on the West Coast who said a quick no is better than a tortuous yes and that our system is a tortuous system. And those are for people who we kind of want to do business with, and they look at us as a very risky and perhaps unattractive ---- Ms. Kelly. Right. Have you happened to find any best practices in your work on the Section 809 Panel that can be applied to other agencies? Or it sounds like not really but I will give you a chance. Ms. Lee. Well, we're early. We do have a team that is looking at mostly major weapons systems. Obviously, there's the big dollars but smaller number of transactions. We're also looking at the smaller dollars with larger numbers of transactions, but even in DOD, smaller dollars is hundreds of millions of dollars. So what we've found--we've got one team looking for an odd approach, what went right and how can we replicate that across other buy systems processes? And if we can, why don't we? Ms. Kelly. And, Mr. Spires, do you think the Section 809 model can be successfully applied to other agencies? Mr. Spires. Well, let me--you know, it's good you asked me that because I was just thinking not all programs and projects are alike, right, and there are very specialty things about IT. The good news about IT is that the technology and the methods have evolved so--Mr. Powner was talking about incremental, whether using, you know, agile development techniques or the like. I'm a huge believer--and in fact, the more complex you're trying to build an IT system, the more you should be doing prototyping and piloting up front so that if you're--if you've got an architecture--a technical architecture that's not going to work, you find that out early in the program. Okay. These are some of the mitigation technologies, approaches that you can use in IT that, you know, may be applicable to other areas. So I'm--you know, the 809 Panel, I'm really interested to see what they come out with, and I'm sure some of their things will be very beneficial, but you also need to make sure that it's specific to IT acquisition and various types of IT programs. Ms. Kelly. Mr. Hodgkins, is there anything government is getting right with IT? Quickly, quickly. Ms. Lee. You get the hard questions. Mr. Hodgkins. Yes. Thank you, Ms. Kelly. Yes, I mean, given the constraints that the current workforce has to work under, they're doing an exceptional job of keeping antiquated systems functioning on really critical mission areas. You know, we target our nuclear systems with decade-old mainframes. We keep the Social Security system and the IRS systems running on decades-old mainframes. And with what they have to work with, they're probably doing a--I would consider exceptional keeping those old systems functional. And there are pockets where we're having the opportunities to make improvements. There was discussion about the innovation labs; 18F has made some progress in some areas. USDS has made some examples. And we need to figure out how to take some of those activities and scale them more broadly. Ms. Kelly. Thank you. Mr. Hurd. Mr. Russell--my intention is to get through Russell, Connolly, and I, so please, let's keep it to five minutes so that we don't make our panelists wait any longer than they have to. Mr. Russell, you are recognized for five minutes. Mr. Russell. Thank you, Mr. Chairman. And thank you for being here today. If this were an easy problem, we wouldn't have five witnesses, and the expertise that you bring is significant. Ms. Lee, in your testimony, you have both stated and alluded in your comments that for many, the benefits of doing business with government are not sufficient to offset the associated risks. And, you know, that is precisely the environment we don't want to create. We want to try to solve problems with industry and innovation, but it becomes too difficult to work with government. But you also mentioned criminalizing commerce. Can you give some examples of that? Ms. Lee. We treat every--people are going to make transactions, they're going to make tradeoffs, they're going to make decisions. We treat many decisions when something goes wrong as if it's a very nefarious action. You think about from an industry standpoint when I was in industry an error on a bill or a billing error can carry with it treble damages, and each invoice is counted as a separate act. It's oppressive. I'm all for ethics, integrity, and good governance, but putting so much fear in the system that we scare away not only good partners but good people, we've got to look at what really business transaction we're trying to achieve and how we can make sure that the system is fair but not so onerous that people can't or won't participate. Mr. Russell. Who would make that determination to provide that type of latitude? Is that something statutory or is that something that we give the judicial branch latitude? Or what is the fix, really anybody? Ms. Lee. That's what we're digging into, and very--too early for me to speak for my 18 commissioners, but we do need to look at ---- Mr. Russell. Well, you raise an excellent ---- Ms. Lee. Purpose? Mr. Russell.--point. Right. Ms. Lee. Process. We need to look at some of the oversight process. We need to look at some of the audit process. I will give you a personal example. When I was up and coming in acquisition, the auditor was my friend. I went to them and said can you ---- Mr. Russell. The auditor is ---- Ms. Lee.--help me? Mr. Russell.--never your friend, Ms. Lee, right? Ms. Lee. Yes. [Laughter.] Ms. Lee. You know, can you help me get this right? We had internal auditors. Now, that is all changed, and the people trying to do the right thing are staying a mile away ---- Mr. Russell. Sure. Ms. Lee.--from the auditor. Mr. Russell. Yes. Well, and, you know, like we often joke, nothing is so hard at government that we can't make harder, and I think we see an example of that. You also spoke to the effect of going bold and that to do otherwise is to put our military's mission at risk. Could you explain and elaborate a little bit more on the impacts of the mission? I mean, Mr. Hodgkins also talked about, you know, using eight-inch floppy disks for our nuclear defense, you know. Gosh, I guess that is one way to be secure from cyber warfare as we use systems that nobody has anymore, you know, they don't know how to acquire. But, you know, these are some of the problems. But would you care to speak a little bit to that? Mr. Hodgkins. Well, the systems that you're discussing, we shouldn't jump to judgment that all the systems we have in place need to be replaced. That's not the case. We do connect systems that were never designed to be plugged into the internet to the internet, and that creates vulnerabilities. But there's different systems with different mission needs, and we have to look at it. That's why I suggested that we need to do that inventory. And then we can figure out exactly what everyone owns and what they're using it for, what software it's running, what is the mission need, and it also will lend itself to identify solutions about we need to modernize this and we need to leave that one in place. Mr. Russell. I appreciate that. And, you know, on this committee all of us are really dedicated to that. In fact, it was this committee, Mr. Cartwright and myself, that authored the MEGABYTE Act, you know, that gave latitude to agencies to be able to use suites of software rather than buy entire packages for portions that weren't being used. I don't know if that has had any impact or not, but, you know, it seemed like a no-brainer. And, you know, by all estimates it was supposed to save $4 billion. And so I understand maintaining legacy systems if they're in a unique niche that really--you know, you don't want anything else to share, but is that the approach that we want to take when we can consolidate--the CIOS--if you were to read Senator Cohen's testimony, I mean, it sounds like today--Mr. Spires? Mr. Spires. Well, yes, Mr. Russell. I would weigh in here that--back to my point about going bold. I mean, I have said we need to go bold on IT infrastructure in a big way. You know, I ran the systems at IRS for a while. I was the CIO there. And, you know, we're not going to replace tens of millions of lines of COBOL code any time soon. That stuff's going to continue to run. But what we can do is modernize the infrastructure that that stuff runs on, move much more to the cloud infrastructure because the security models are there now. And I think we save a lot of money. We simplify a lot of things, which is a big part of the issue. We consolidate tremendously. And then you can go after and tackle these--a lot of these legacy applications that are really going to be very difficult to replace, you know, any time soon. But at least you're running on modern infrastructure. Your cybersecurity posture is much improved. So that's a go-bold approach. Mr. Russell. Thank you. And thank you, Mr. Chairman. Mr. Hurd. Thank you, Mr. Russell. The gentleman from the Commonwealth of Virginia, Mr. Connolly ---- Mr. Connolly. Thank you, Mr. ---- Mr. Hurd.--five minutes. Mr. Connolly. Thank you, Mr. Chairman. Ms. Lee, I have got to say you have added some bon mot to the Federal language. I mean, to refer to something as a Section 809 Panel-esque, not quite 809 but close, and then the auditor is your friend. I mean--well, I know, but just hearing that is sort of like--I am here from the government and we are here to help you. Anyway--but thank you. I appreciated very much your testimony, and it is great to see old friends at this panel. Mr. Powner, you were at an event the other day or maybe a hearing where you talked about some of the sunset provisions in FITARA that we need to address, and chief among which was, for me, the data center consolidation ---- Mr. Powner. Yes. Mr. Connolly.--sunset provision, which for some strange reason closes the door in 2018 at the very moment we are finally beginning to make progress. Your recommendation? Mr. Powner. So I think clearly you need to extend that at least several years on data centers. And the reason I say that is if you look at optimization metrics, right, we want to save money, we want to optimize centers, only about a third of the 24 departments and agencies will meet like four to five of the key optimization metrics. The other ones are self-reporting that they're going to be nowhere near that in 2018. So what does that mean? We need to give them a little more time to save money, to meet these optimization metrics. But I think there is a fundamental question--I agree with Mr. Spires on this--on infrastructure. We started this in 2010. It goes through 2018. If you extend it a couple of years to 2020, if you can't meet optimization metrics in 10 years, they should be out of the business. We should go to cloud solutions. I agree with Mr. Spires on that. Ten years is a long period of time, and at some point you got to say maybe you shouldn't be in the business of running data centers. Let's give them a chance to see what happens, but we need to think about that. Mr. Connolly. Ms. Lee, that sounds like going bold to me. Ms. Lee. Time matters. Mr. Connolly. Yes. Ms. Lee. We've come to the point where we've seen--as I said, we treat it like a valueless, endless commodity when, especially in technology, things turn so quickly, and yet we're content to make very lengthy contracts and very ---- Mr. Connolly. By the way, we need you looking at FedRAMP. Time matters. It is supposed to be like six months and a quarter of a million dollars. It is now up to two years and $4 or $5 million. You know, unacceptable and we are going to have to look at that at some point if they can't fix it administratively. Mr. Spires made a number of recommendations in terms of-- well, I think two recommendations in terms of adding to the scorecard. And, Mr. Powner, your reaction to those recommendations? Mr. Powner. Yes, I think, you know, his suggestion on the commodity--the way that we measure the commodity area, that's a potential--I mean, a lot of this, as you well know, it's based on available data. We're open to that. I do think, though, when you look at the Federal workforce, this was discussed earlier, I think assessing each agency on how they assess and address their Federal workforce needs, including the cyber area, that's key with the 2015 Cybersecurity Act. I think that's another key area because it's also about the people and do we have the right people on board. Mr. Connolly. Yes. Mr. Powner. It's something we'll work with your committee on. Mr. Connolly. Unfortunately, we are running out of time because of votes, and I promised the chairman I would stick to five minutes. I am in fact sticking to three-and-a-half. I yield back the balance of my time. Mr. Hurd. You all saw it here first. [Laughter.] Mr. Connolly. No good deed goes unpunished in this city, you know? Mr. Hurd. Thank you all for being here. There has been probably four or five topics that--and just you all's quick comments that we can follow up with the scorecard. So thank you for that. And you have helped me--one of the things as we are looking at a project on what I have been calling the Cyber National Guard, one of the problems we have is what are the needs in the various agencies when it comes to the IT staff, right? What positions, you know, what certifications are they going to need in order to come straight in? And so having that, you know, addressing that need across the spectrum is important. Mr. Puvvada, a couple of questions for you. GSA maintains the schedule contracting, which accounts for more than $30 billion in annual transactions. What do you see as the pros and cons in this system? And also, your company is no longer participating in the GSA schedule contracting. Can you talk about what led to that? Mr. Puvvada. Sure. So there is a benefit to having a standard set of offerings that could be leveraged across the government whether it is schedule for services or schedule for product. The problem comes with what Ms. Lee and Mr. Hodgkins talked about is onerous reporting requirements to have most favored pricing, which is very hard to do for global corporations that provide services and solutions that cross, you know, several industry sectors. What happens is there are particular elements of solutions that we offer, for example, similar to several other companies that there is no way to keep track of that. For example, the price we offer for a particular product is in the context of a bigger solution element. So we have no way of most often keeping track of the cost. So we chose not to participate on the product list because we would spend an inordinate amount of time reporting and keeping track of it and also I pick up on the decriminalization aspect, which is the penalties that are acquired are very onerous. So we'd recommend that GSA take a look at a more balanced approach in trying to look at it from the perspective of how could I get the innovation and get a good value for the government but not necessarily go to the level of detail that is required to provide reporting and be consistent about it and have a contextual understanding of how they're assessing the best price that they get. Mr. Hurd. I do copy. In your opening remarks you identified two entities that were examples of positive--the Procurement Innovation Lab in DHS and the HHS Buyers Club. Is that what you said ---- Mr. Puvvada. Yes. Yes. Mr. Hurd.--Buyers Club? Can you talk to me about--you know, take 45 seconds, a minute and explain why you highlighted those two? Mr. Puvvada. So both of these organizations have a similar profile. So what the leaders within the organizations are doing is providing a--an innovation approach in contracting where they're allowing risk-taking and come up with a modular contract and best practices and giving air cover to the contracting officers and encouraging innovation and doing experimentation and really focusing on the outcomes as opposed to the products. So along with that comes recognition for people that do really well called a badge, Pell badge. So that is an important--along with, you know, rewards and recognition that becomes an important element, and that gets a lot of traction. So what we made the recommendation is that that be widely adopted and not a whole lot of management, you know, overhead that is required to take some of those kinds of things and encourage that risk-taking and cut down that contracting time is what Ms. Lee was talking about, taking two years to get a technology. Mr. Hurd. All right. Mr. Hodgkins, assessing inventory, it is crazy to me that every time we do another, you know, scorecard, we find a new database, we find a new server farm, we--you know, oh, wait, we actually have four connections to the internet and not two. Assessing inventory, why is it so hard and what--you know, this is something that we should-- every agency should be able to do in how many months? Mr. Hodgkins. Well, I mean, we would suggest--and we worked with your office and Ms. Kelly in particular last year around a concept to do inventory that, you know, the government can do this job in a relatively short order. There are some short time frames of a year or less for some of the actions in that proposal and suggestion. The challenge you have is that different agencies treat those requirements in different ways. Different people define and interpret requirements. We saw this with data center consolidation. The first rollout defined a data center as X, Y, and Z. well, agencies work to make sure their data centers didn't fit in that metric. And so the CIO's office or others would define that more explicitly, and agencies would then again work to exclude data centers to where we have square footage requirements trying to get at the guy who's running a server in a closet somewhere. So we have that kind of activity going on in the context of trying to expose some of this and drive toward data center consolidation. That's one example I can point to. And I think that we have to come up with incentives for the agencies to expose this information and then act effectively around what the agencies need to be doing with the directions and metrics that Congress and OMB would be setting. Mr. Hurd. That is helpful. And, Mr. Spires, final question for you. When we get MGT passed, what is going to prevent--what is going to get in the way of truly utilizing where a CIO can--when they doing something and they realize savings, what are going to be some of those barriers that CIOs are going to have in actually achieving what we are trying to do with MGT? Is that a fair question, sir? Mr. Spires. Yes, it is definitely a fair question. I guess a couple of points on that, I think you're going to find that many CIOs--I mean, this whole model that says we should be able to realize savings through efficiencies and reinvest, right, in more modernization. I think you're going to have a lot of issues with that, and that would include up to Congress and Appropriations Committees, right, because of the way the budgeting structure works. So you're going to have that set of issues that goes through OMB up to the Hill. You're also going to have a situation where--another big part of it that I really like is this idea of having these working capital funds so that you got some more budget flexibility for the IT organizations to be able to work. I mean, running major programs in my past, it was beneficial, like when I was at the IRS, to have three-year working capital fund money so that we could plan these projects out and have some assurance that we're going to have sustained funding. I think as long as the Appropriations Committees up here can work with the agencies to make sure that model works well, that's great. I don't think that's where the big problems are, though, Mr. Hurd. The big problems are still going to be back to the authorities issues back to, you know, the fact that--and it's in--and I always like to say it's not about the CIO owning everything. It's about the CIO working collectively with the mission owners, with the other CxOs to be able to effectively deliver IT. Mr. Hurd. And that is why we go forward with FITARA implementation we are going to have CIOs, CFOs, agency heads in front. You know, I know the White House is very committed to making sure that the agency heads understand the role of the CIOs and the CIOs have all the responsibility they need since we are going to hold them accountable. And that is something that has been very clear coming out of this White House, which I think is fantastic. I want to thank all of you for being here to appear before us today. There has been a lot of information that we can integrate into work that we are always doing in areas that you all talked about where we can continue to shine an additional light. So I ask unanimous consent that members have five legislative days to submit questions for the record. And without objection, so ordered. There is no further business. Without objection, the subcommittees stand adjourned. [Whereupon, at 3:21 p.m., the subcommittees were adjourned.] APPENDIX ---------- Material Submitted for the Hearing Record [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] [all]