[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
REVIEWING CHALLENGES IN FEDERAL IT ACQUISITION
=======================================================================
JOINT HEARING
BEFORE THE
SUBCOMMITTEE ON
INFORMATION TECHNOLOGY
AND THE
SUBCOMMITTEE ON
GOVERNMENT OPERATIONS
OF THE
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
FIRST SESSION
__________
MARCH 28, 2017
__________
Serial No. 115-4
__________
Printed for the use of the Committee on Oversight and Government Reform
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.fdsys.gov
http://www.house.gov/reform
______
U.S. GOVERNMENT PUBLISHING OFFICE
25-715 PDF WASHINGTON : 2017
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
Committee on Oversight and Government Reform
Jason Chaffetz, Utah, Chairman
John J. Duncan, Jr., Tennessee Elijah E. Cummings, Maryland,
Darrell E. Issa, California Ranking Minority Member
Jim Jordan, Ohio Carolyn B. Maloney, New York
Mark Sanford, South Carolina Eleanor Holmes Norton, District of
Justin Amash, Michigan Columbia
Paul A. Gosar, Arizona Wm. Lacy Clay, Missouri
Scott DesJarlais, Tennessee Stephen F. Lynch, Massachusetts
Trey Gowdy, South Carolina Jim Cooper, Tennessee
Blake Farenthold, Texas Gerald E. Connolly, Virginia
Virginia Foxx, North Carolina Robin L. Kelly, Illinois
Thomas Massie, Kentucky Brenda L. Lawrence, Michigan
Mark Meadows, North Carolina Bonnie Watson Coleman, New Jersey
Ron DeSantis, Florida Stacey E. Plaskett, Virgin Islands
Dennis A. Ross, Florida Val Butler Demings, Florida
Mark Walker, North Carolina Raja Krishnamoorthi, Illinois
Rod Blum, Iowa Jamie Raskin, Maryland
Jody B. Hice, Georgia Peter Welch, Vermont
Steve Russell, Oklahoma Matt Cartwright, Pennsylvania
Glenn Grothman, Wisconsin Mark DeSaulnier, California
Will Hurd, Texas John Sarbanes, Maryland
Gary J. Palmer, Alabama
James Comer, Kentucky
Paul Mitchell, Michigan
Jonathan Skladany, Staff Director
Rebecca Edgar, Deputy Staff Director
William McKenna, General Counsel
Julie Dunne, Senior Counsel
Kiley Bidelman, Clerk
David Rapallo, Minority Staff Director
Subcommittee on Information Technology
Will Hurd, Texas, Chairman
Paul Mitchell, Michigan, Vice Chair Robin L. Kelly, Illinois, Ranking
Darrell E. Issa, California Minority Member
Justin Amash, Michigan Jamie Raskin, Maryland
Blake Farenthold, Texas Stephen F. Lynch, Massachusetts
Steve Russell, Oklahoma Gerald E. Connolly, Virginia
Raja Krishnamoorthi, Illinois
------
Subcommittee on Government Operations
Mark Meadows, North Carolina, Chairman
Jody B. Hice, Georgia, Vice Chair Gerald E. Connolly, Virginia,
Jim Jordan, Ohio Ranking Minority Member
Mark Sanford, South Carolina Carolyn B. Maloney, New York
Thomas Massie, Kentucky Eleanor Holmes Norton, District of
Ron DeSantis, Florida Columbia
Dennis A. Ross, Florida Wm. Lacy Clay, Missouri
Rod Blum, Iowa Brenda L. Lawrence, Michigan
Bonnie Watson Coleman, New Jersey
C O N T E N T S
----------
Page
Hearing held on March 28, 2017................................... 1
WITNESSES
Mr. David A. Powner, Director, IT Management Issues, U.S.
Government Accountability Office
Oral Statement............................................... 6
Written Statement............................................ 9
Mr. Richard A. Spires, Chief Executive Officer and Director,
Learning Tree International, Inc.
Oral Statement............................................... 33
Written Statement............................................ 35
Mr.Venkatapathi Puvvada, President, Unisys Federal Systems, and
Board Member of the Professional Services Council
Oral Statement............................................... 44
Written Statement............................................ 46
Mr. A. R. Hodgkins, III, Senior Vice President, Information
Technology Alliance for Public Sector, Information Technology
Industry Council
Oral Statement............................................... 63
Written Statement............................................ 65
Ms. Deidre Lee, Director, IT Management Issues, and Chair of
Section 809 Panel
Oral Statement............................................... 78
Written Statement............................................ 80
APPENDIX
Questions for the Record for Mr. David Powner, submitted by Ms.
Kelly and Mr. Connolly......................................... 94
Questions for the Record for Mr. Richard Spires, submitted by Mr.
Hurd, Mr. Meadows, and Ms. Kelly............................... 101
Questions for the Record for Mr. Venkatapathi Puvvada, submitted
by Mr. Hurd, Mr. Meadows, Ms. Kelly, and Mr. Connolly.......... 122
Questions for the Record for Mr. Trey Hodgkins, submitted by Mr.
Hurd, Mr. Meadows, Ms. Kelly, and Mr. Connolly................. 131
Questions for the Record for Ms. Deirdre Lee, submitted by Mr.
Hurd, Mr. Meadows and Ms. Kelly................................ 142
REVIEWING CHALLENGES IN FEDERAL IT ACQUISITION
----------
Tuesday, March 28, 2017
House of Representatives,
Subcommittee on Information Technology, joint with
the Subcommittee on Government Operations,
Committee on Oversight and Government Reform,
Washington, D.C.
The subcommittees met, pursuant to call, at 2:04 p.m., in
Room 2154, Rayburn House Office Building, Hon. Will Hurd
[chairman of the Subcommittee on Information Technology]
presiding.
Present from Subcommittee on Information Technology:
Representatives Hurd, Issa, Russell, Kelly, Connolly, and
Krishnamoorthi.
Present from Subcommittee on Government Operations:
Representatives Meadows, Blum, Hice and Connolly.
Mr. Hurd. The Subcommittee on Information Technology and
the Subcommittee on Government Operations will come to order.
And without objection, the chair is authorized to declare a
recess at any time.
We are expecting a vote series at three o'clock, so we will
get through as much as we can in this hour.
I want to say, first off, good afternoon and welcome. This
is the first IT Subcommittee of the 115th Congress. I am
pleased to have my friend and colleague Robin Kelly at my side
once again as the ranking member.
In the 114th Congress, the subcommittee held hearings on a
wide variety of technology issues, including encryption, cloud
computing, health IT, the Federal IT workforce, and the
cybersecurity of our election systems, among many others. We
worked to establish a tone and a culture of bipartisanship on
the subcommittee, and I am excited to work with the ranking
member on a host of additional issues this Congress.
This is also the first of what I am sure will be many joint
subcommittee hearings between the IT Subcommittee and the
Subcommittee on Government Operations. I have appreciated
working with the Government Operations Subcommittee, Mr.
Meadows and Mr. Connolly on the FITARA scorecard and the DATA
Act and on numerous other issues.
Reforming our outdated acquisition laws and regulations to
reflect the realities of commerce in the digital age is a
priority for this subcommittee this Congress. Today's hearing
will set the foundation for additional, more targeted
oversight. It is time that we align the best practices of
industry with the Federal Government when it comes to IT
acquisition and deployment.
The stated purpose of the Federal acquisition system is to,
and I quote, ``to provide the Federal Government with an
economical and efficient system,'' end quote, to procure goods
and services. Today, the complexity of the Federal acquisition
system fails to meet this objective.
Some examples: As of July 2014, the Federal Acquisition
Regulation, or FAR, had over 2,000 pages. In addition to the
FAR, individual agencies have supplemental acquisition
regulations, guidance, instructions, and policy directives. For
example, GSA has the GSAM, GSA acquisition manual; and DOD has
Instruction 5000 on operation of the Defense Acquisition
System. And there have been multiple executive orders imposing
additional requirements on the private sector, further
increasing compliance costs. It is no wonder that the number of
first-time Federal vendors has fallen to a 10-year low down
from 24 percent in 2007 to only 13 percent in 2016.
And penalties for even inadvertent violations of this
morass of red tape can be steep, including audits, lawsuits,
multimillion-dollar settlements, inspector general
investigations, and bad publicity. Companies of any size who
may initially have an idea or product of use to the Federal
Government get discouraged trying to navigate the red tape and
direct their energies elsewhere. Startups often don't even try.
They can't afford the lawyers.
These inefficiencies are costly to American taxpayers and
prevent innovative technology from being property utilized in
the Federal Government. Yet with great challenges come great
opportunities. Reforming our acquisition system so that the
Federal Government can properly adopt a buy, not built,
approach will result in cost savings, technological
advancement, and improved security for our Federal systems.
I thank the witnesses for joining us here today, and I look
forward to their testimony.
Mr. Hurd. I would like to now recognize Ms. Kelly, the
ranking member of the Subcommittee on Information Technology,
from the great State of Illinois for her opening statement.
Ms. Kelly. Thank you, Mr. Chairman. And I look forward to
another two years of great productivity from our very
bipartisan committee. And thank you, Chairman Meadows and
Ranking Member Connolly, for your continued leadership and
partnership as our subcommittees continue working together to
improve how Federal agencies manage their information
technology projects.
The Government Accountability Office's 2017 high-risk
report makes clear the continued challenges agencies are facing
when managing their IT acquisitions. GAO states, and I quote,
``Federal IT investments too frequently fail or incur cost
overruns and schedule slippages while contributing little to
mission-related outcomes.'' GAO's report highlights the need
for President Trump's administration to strengthen, not hinder,
IT acquisition reform.
The President's action and inaction in certain key areas is
likely to have the opposite effect and threaten to undermine
agency efforts to improve in their management of IT
investments. First, on January 23rd, 2017, President Trump
issued an order freezing Federal employee hiring. GAO has
reported in the past that hiring freezes have, and I quote,
``disrupted agency operations and in some cases increased cost
to the government.'' A hiring freeze impairs the ability of
agencies to attract new and talented computer programmers and
engineers that could help close any of the skill gaps currently
existing at the agencies. It will likely exacerbate rather than
remedy the challenges agencies report facing when it comes to
hiring the most skilled tech-savvy workforce, making these
agencies not only less productive but less effective.
Second, the President's continued delay in filling key IT
leadership positions deprives the government of the leadership
commitment needed to carry out IT acquisition reform. Notably,
to date the President has not named a new Federal chief
information officer to replace Tony Scott, who departed from
the position earlier this year. As GAO's high-risk report makes
clear, having a Federal CIO in place is critical to ensuring
that agencies are being provided the necessary guidance to
improve in their management of IT investments.
Nor has the President nominated a director of the Office of
Personnel Management, an agency that plays a critical role in
securing highly sensitive information and background data on
over two million Federal employees. Last month, this committee
sent a bipartisan letter to the President urging him to, and I
quote, ``nominate without delay a highly qualified director to
lead the Office of Personnel Management.'' To date, the
President has not acted in response to this committee's
request.
Finally, it is unclear whether the Trump administration
will follow through with issuing critical guidance that would
assist agencies in improving the scope of cybersecurity
protections in Federal acquisitions. This guidance was first
developed under the Obama administration and reportedly close
to being finalized by the Office of Management and Budget last
year. Earlier today, myself along with Chairman Hurd and
Ranking Member Connolly, wrote to OMB to request information on
the status of issuing this important guidance. We look forward
to receiving OMB's response.
I want to thank the witnesses for testifying today. We have
a lot of work ahead to improve upon our Federal IT acquisition
processes. Your expertise and recommendations will be
invaluable to our committee as we examine ways in which to help
the Federal Government improve in its management of IT
acquisitions and operations. Thank you much, Mr. Chair.
Mr. Hurd. Thank you. I now recognize Mr. Hice, the vice
chairman of the Subcommittee on Government Operations, for his
opening statements.
Mr. Hice. Thank you very much, Mr. Chairman. It is an honor
to be here with you and with Ranking Member Ms. Kelly and Mr.
Connolly, ranking member of the Government Operations
Subcommittee.
This whole issue of Federal acquisition system is
complicated, slow to deliver, does not encourage innovation. I
have got a quote here that I would like to read. It says, ``The
Federal Government continues to operate old, obsolete computer
systems while it has wasted billions of dollars in failed
computer modernization efforts. Replacing antiquated computer
systems has met with little success because of poor management,
inadequate planning, and an acquisition process that is too
cumbersome to competitively purchase computer technology before
it is obsolete. Efforts by the government to provide greater
efficiency and service to the American people will certainly
fail unless the process for buying information technology is
improved.''
Now, any of us could probably take a stab at who made that
statement. It certainly applies incredibly to our situation
today, but that is a quote from 1994, a report by then-Senator
Cohen called ``Computer Chaos: Billions Wasted Buying Federal
Computer Systems.'' This state of affairs has led to what is
widely known as the Clinger-Cohen Act of 1996 to improve the
way the government bought IT. There certainly has been progress
since 1996, but today, we face similar challenges in the IT
acquisition process.
Large Federal Government IT investments can take years to
execute while private sector rewards speed and innovation.
William Lynn, former DOD Deputy Secretary, estimated that the
Pentagon can take 81 months to develop and make operational a
new computer system once it was funded while the iPhone was
developed in just 24 months. It is amazing.
The failure to deliver innovation in a timely manner cannot
continue. The failure to encourage innovation puts our country
at risk in a variety of ways and particularly so in securing
our Federal IT systems. We spend over $80 billion annually on
IT, but 75 percent of this spending is for legacy IT. This just
can't continue. Failure to modernize Federal IT means that we
will continue to spend more on outdated IT, and our Federal IT
will be subject to security vulnerabilities.
This committee has spent significant time making sure that
agencies implement the Federal IT Acquisition Reform Act,
FITARA, because it does empower agency CIOs to make them more
accountable for budget and acquisition decisions. FITARA
implementation is a big part of IT acquisition reform, but it
will not fix all things wrong with the Federal acquisition
system.
And that is why I am pleased, Mr. Chairman, to be here
today and to hear more from our experts about IT acquisition
challenges that they see and what Congress can do to improve
the situation. I thank each of our witnesses for being here
with us today. I look forward to hearing from you.
And with that, Mr. Chairman, I yield.
Mr. Hurd. Thank you. I would now like to thank again the
witnesses for being here. And I am going to hold the record
open for five legislative days for any members who would like
to submit a written statement.
And I would also like to thank the panelists. This was a
rescheduled hearing, and I know, Ms. Lee, you flew up from
South Carolina to be here and the meeting didn't happen, but
thank you for being here again.
I would now recognize our panel of witnesses. And when
Gerry Connolly gets here, we will let him do his opening
remarks.
One of my favorite witnesses--I know I am not supposed to
have favorites--but David Powner, director for IT Management
Issues at the U.S. Government Accountability Office. Thanks for
your leadership at GAO and all that you do.
Another person that is not a stranger to this committee,
Richard Spires, chief executive officer and director at
Learning Tree International, Incorporated; and former CIO for
the IRS and Department of Homeland Security.
Mr. Venkatapathi Puvvada, or P.V., is the president of
Unisys Federal Systems. He also currently served on the Board
of Directors of the Professional Services Council. Thank you
for being here.
Trey Hodgkins, III, another repeat offender, senior vice
president for the Information Technology Alliance for Public
Sector, ITAPS, which is part of the Information Technology
Industry Council.
And last but not least, Ms. Deidre ``Dee'' Lee, director of
IT Management Issues and the chair of the Section 809 Panel.
Previously, Ms. Lee was also a senior procurement official at
NASA, DOD, and DHS.
Welcome to you all. And pursuant to committee rules, all
witnesses will be sworn in before they testify. So please rise
and raise your right hand.
[Witnesses sworn.]
Mr. Hurd. Thank you. Please be seated.
And let the record reflect that the witnesses answered in
the affirmative.
In order to allow for discussion, we would appreciate if
you would please limit your opening testimony to five minutes,
and your entire written statement will be made part of the
record.
We will go ahead and go with Mr. Powner and then maybe to
Mr. Connolly. Oh, you want to go now. You ready?
Mr. Connolly. Whatever the pleasure of the chairman.
Mr. Hurd. Well, let's go to Mr. Connolly then. Mr.
Connolly, you are now recognized for your opening five minutes
before we turn the show over to Mr. Powner.
Mr. Connolly. Thank you, Mr. Chairman. And I am sorry I was
delayed. I am meeting with a huge number of constituents from
APEC. You probably are both experiencing the same. And it just
went over. So I am so sorry.
Welcome to our panel. And thank you, Mr. Chairman and
Ranking Member Kelly and my counterpart Mr. Meadows and good
friend, for holding a hearing to examine the challenges we face
with respect to IT acquisitions.
As I have pointed out before, the Federal Government lags
behind the private sector in many if not most aspects of IT
modernization and the management of IT investments. As the
ranking member on Government Ops here in this committee, I have
worked to introduce and pass several types of legislation aimed
directly at trying to address those shortcomings, most notably,
of course, FITARA, or as it is commonly called, Issa-Connolly.
[Laughter.]
Mr. Connolly. Connolly-Issa even has a better ring, but I
am not going there. That is for you to say, Mr. Powner, not for
me.
Since the passage of FITARA, our subcommittees have issued
three biannual scorecards to ensure that it is properly
implemented. As I firmly believe, this legislation will provide
agencies with greater support for making the necessary
improvements in how they buy and deploy technology. It is
rather unfortunate that instead of providing agencies with
additional tools to strengthen their management of IT
acquisitions, we have a hiring freeze now that would make I
think it more difficult for agencies to improve in this area.
A talented and highly skilled Federal workforce is needed
to tackle the difficult challenge of modernizing Federal IT,
and there is a skillset that goes along with that. A hiring
freeze does nothing but I think damage agencies in their
efforts to recruit and retain individuals with the knowledge,
skills, and experience to manage many of today's IT
investments. When even the private sector reports facing a
critical challenge in hiring qualified IT personnel and
cybersecurity professionals, it is difficult to see how a
hiring freeze works to our advantage at least in this realm.
The irony is the hiring freeze comes at a time when the
White House announced just yesterday the creation of a new
office, the White House Office of American Innovation.
According to the Washington Post, one of the key areas that new
office would be responsible for handling would be, and I quote,
``modernizing the technology and data infrastructure of every
Federal department and agency,'' something this committee and
these two subcommittees have been preoccupied with for quite
some time.
And, by the way, we welcome that. I mean, that would be
great. And if it is Jared Kushner and we can sit down with him
and talk about our goals and his goals, I think there is a real
opportunity for bipartisan common ground as we have achieved
here in this committee.
In 1982 the GAO determined that Federal hiring freezes
instituted by former Presidents Carter and Reagan were not
particularly effective and tended to disrupt agency operations
and in some cases even increase cost to government.
So we need to be careful. We need to make selective
exceptions if we are going to have an across-the-board hiring
freeze. And I think IT management and procurement and
acquisition is one of them. It is a skillset that is badly
needed, and we need to be frankly bulking up with both the
modernization of IT management and procurement and on the
cybersecurity front.
So I look forward to hearing from our witnesses today, glad
to be back with my partners, Mr. Meadows, Mr. Hurd, and Ms.
Kelly, and look forward to your testimony. Thank you, Mr.
Chairman.
Mr. Hurd. Thank you, Mr. Connolly.
Now, I would like to recognize Mr. Powner for his five-
minute opening statement.
WITNESS STATEMENTS
STATEMENT OF DAVID A. POWNER
Mr. Powner. Chairman Hurd, Chairman Meadows, Ranking
Members Kelly and Connolly, and members of the subcommittees,
thank you for inviting us to testify on Federal IT
acquisitions.
Failed acquisitions are well documented over the years, and
the reasons are clear: unclear accountability, big-bang
waterfall approaches, OMB not playing a critical role,
agencies' insufficient oversight, and the government's
inability to effectively leverage industry.
This afternoon, I'd like to discuss practical solutions to
each of these areas, many of which are grounded in FITARA. I'd
like to start by focusing on a recent IT acquisition success
story with the November launch of NOAA's geostationary
satellite. Despite some cost overruns and launch delays, this
weather satellite is providing images and information that will
greatly enhance our nation's weather warnings.
I'd like to note that most IT acquisitions do not have this
level of complexity and that the Federal Government needs to
build off of modernization efforts like this starting with
accountability and authorities. In the latest FITARA self-
assessments, more than half of the 24 CIOs reported that they
do not have complete authority over IT acquisitions. This
includes large departments like DHS, Energy, HHS,
Transportation, and VA.
Only about one-third of the CIOs told us during our ongoing
work for this committee that they have the authority to stop
any project that is not going well. FITARA has clearly raised
the profiles of some CIOs and improved their authorities, but
many are still not viewed as part of the executive team. We
need to keep making progress on CIO authorities, and this will
only change significantly if CIOs have support from Secretaries
and Dep Secretaries and solid relationships with CFOs and chief
acquisition officers. Otherwise, agencies will continue to make
modest progress on their authorities.
Turning to incremental development, our ongoing work for
this committee shows that about 60 percent of the IT projects
are taking an incremental approach, but this percentage is not
improving since previous years. FITARA requires that CIOs
certify adequate use of incremental development, but our work
shows that only three of 24 agencies have a policy to do so.
More agencies need a policy, and OMB needs to formalize this
process so that more IT projects are tackling these deliveries
in smaller increments. Having 40 percent of our IT projects not
using an accepted practice is unacceptable.
Next, the importance of OMB leadership and the critical
role of the Federal CIO. In addition to ensuring that agencies
expand on their incremental development efforts, there are
three additional areas where OMB can significantly help with
the delivery of IT acquisitions. One, OMB needs to follow up on
the FITARA self-assessments to ensure that the CIOs progress on
authorities is continuing.
Two, OMB needs to bring back the tech stat reviews on IT
acquisitions to ensure that agency executives can answer to the
White House on our nation's most important IT acquisitions.
And three, OMB needs to provide to the Congress the list of
the top IT acquisitions for the Nation and their current
status.
Recent history tells us that when OMB is involved with this
oversight, progress occurs. It's also fair to say that we've
taken some steps backwards on progress in these areas towards
the end of the prior administration and with the recent change
in administrations. Congress needs to continue to push OMB to
play this critical role, and GAO plans to do our part following
up on our high-risk area and detailed reviews for this
committee.
Next, agencies need to bolster the oversight of
acquisitions in the IT workforce. We wholeheartedly agree with
Mr. Spires' recommendations to strengthen agencies' governance
and program management. In addition, our recent work for this
committee on how agencies assess and address their IT workforce
shows that much work is needed here, including how cyber needs
are addressed. We would welcome the opportunity to review all
24 Departments' efforts to assess and address their IT
workforce needs. In fact, this could be something incorporated
into future scorecards.
Finally, the government needs to effectively leverage
industry. Two areas to mention are, one, better integrating
private sector expertise from teams like USDS and 18F into the
Federal workforce more than what was previously done; and two,
buying more and building less and going with more cloud
solutions and proven commercial products.
In conclusion, Federal IT acquisitions need clear
accountability tackled in smaller increments, OMB's help,
stronger agency management, and better industry partnering to
ensure more success. I would like to thank both subcommittees
for your continued leadership on Federal IT issues.
[Prepared statement of Mr. Powner follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Thank you, sir, and thank you for your service.
Mr. Spires, you are now recognized for five minutes.
STATEMENT OF RICHARD A. SPIRES
Mr. Spires. Thank you. Good afternoon, Chairmen Hurd and
Meadows, Ranking Members Kelly and Connolly, and members of the
subcommittees. I'm honored to testify today in regards to
improving IT acquisition. And I wanted to acknowledge the great
work and leadership of these subcommittees in addressing the
issues of improving Federal IT and in particular your work on
FITARA.
Since I served as the CIO of the IRS and later at DHS, my
experience has given me insights to present practical
recommendations that address the issues agencies face in
acquiring IT. The reality is that acquiring a commodity item
like ordering a telecommunications circuit or buying a laptop
is very different than acquiring a new mission-critical system
that requires custom software development. We need to look at
the various categories of IT acquisitions and address
recommendations for improvement for each category. As such, I
offer five recommendations that address the range of IT
acquisitions that government agencies conduct.
Much of what agencies acquire is commodity IT, purchasing
that involves little acquisition risk, yet many agencies do not
manage their inventory of hardware and software assets well,
resulting in both overbuying and not effectively leveraging
agency buying power.
There are significant near-term cost savings in this
category. My first recommendation is that Congress include
commodity IT purchase metrics in the FITARA scorecard. The
agency's CIO, with the authorities of FITARA, should develop a
comprehensive and accurate inventory of all agency commodity
hardware and software assets and optimize buying based on
agency needs.
Further, the agency's CIO should develop enterprise
purchasing arrangements for their top IT vendors or, as
appropriate, leverage the GSA category management and shared
service initiatives.
Many IT acquisitions require integration to deliver a new
or upgraded service capability. Some of these acquisitions are
quite significant and are captured as programs on the OMB IT
dashboard. Yet the vast majority of acquisitions are IT
projects that are the lifeblood of what an organization does
day in and day out. But developing an agency competency in
project management takes a lot more than just having certified
project managers. An agency needs government staff with the
capabilities and skills in numerous disciplines and a culture
recognizing the importance of project management.
My second recommendation is that the administration and
Congress ensure that the Program Management Accountability
Improvement Act is properly implemented in agencies. This act,
signed into law this past December, can help address the
project management issues in agencies but only if there's a
sustained effort to build a cadre of government staff with the
skills and experience to manage IT projects and programs.
As part of significantly improving their overall IT
capabilities, agencies need to modernize their IT
infrastructure as one of their highest priorities. My third
recommendation is that the administration, with congressional
oversight, require agencies to implement a modern IT
infrastructure over a three-year time frame. Given the advances
in IT security, most agencies should skip data center
consolidation and move wholesale to the use of a modern
FedRAMP-approved cloud-based infrastructure. Agencies should be
able to derive 20 to 30 percent savings in IT infrastructure
spend.
The riskiest IT acquisitions are the large IT application
programs that should be on the IT dashboard. I have found that
delivering such programs requires a strong collaboration
amongst key organizations in an agency, proper skills and a
robust governance model to facilitate effective decision-
making. Most Federal agencies do not have the institutional
maturity to handle large-scale IT programs.
My fourth recommendation is that agencies should be
measured on their IT acquisition and program management
maturity. OMB should mandate the use of an IT management
maturity model that can measure agencies against an objective
set of standards and best practices. Congress should
incorporate key elements of the maturity model into the FITARA
scorecard.
My final recommendation is that Congress should reintroduce
and enact the Modernizing Government Technology, or MGT Act. A
key component of this act is the ability for agencies to
establish working capital funds that could be used in funding
IT modernization initiatives. The budget flexibility should
enable agencies to shift resources saved through IT
efficiencies into funding new modernization initiatives and
enable program managers to more effectively plan and resource a
program over multiple fiscal years.
These five recommendations, if implemented with sustained
focus from the administration with continual oversight from
Congress, will substantially improve IT acquisition. The
benefits of such changes would be many-fold, providing
significant savings in IT spend but more importantly greatly
helping agencies to better perform their missions.
Thank you.
[Prepared statement of Mr. Spires follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Thank you, Mr. Spires. But you are burying the
lead. I would have led with MGT as the first one.
[Laughter.]
Mr. Hurd. Mr. Puvvada, you are now recognized for five
minutes.
STATEMENT OF VENKATAPATHI PUVVADA
Mr. Puvvada. Thank you. Good afternoon, Chairmen Hurd and
Meadows, Ranking Members Kelly and Connolly, and members of the
subcommittee. Thank you for inviting me to testify on behalf of
the Unisys Corporation.
The subject of today's hearing is critical to moving
Federal Government towards IT modernization and leading-edge
digital services that facilitate a good interaction between the
government and citizens.
Unisys is a global provider of industry-focused technology
solutions integrated with leading-edge security to clients in
the government, financial, and commercial sectors. This breadth
of experience has placed our company at the frontlines of
tackling significant challenges that come with the technology
modernizations. Many of you deserve credit for recognizing the
need for IT modernization and for crafting MGT Act in last
Congress. We encourage you to do the same in this Congress.
In my written testimony, I include statement--I include
several key principles and best practices that are widely used
during successful modernization initiatives. These include a
reliance on commercial solutions, focus on reducing costs, and
integrated capabilities to allow services to connect
seamlessly.
I also highlight private sector best practices of how CIOs
can successfully transform their enterprises, for example, by
establishing strong connectivity with their unit-level CIOs and
CTOs and CSOs.
To harness emerging innovations, it's important that the
government attract and partner with the best and brightest IT
solution providers. This allows us to tap into new capabilities
such as service delivery--as service delivery models, agile
development cloud computing cybersecurity, and other emerging
technology solutions.
Today, such partnerships are established through a system
that in many cases is time-consuming and driven by processes
rather than outcomes. Thus, the challenges to be addressed have
as much to do with how the government buys as they do with what
the government buys. Ultimately, acquisition is an enabler to
agency mission delivery success.
Unisys offers a number of recommendations that can improve
upon the acquisition system we have today, creating a robustly
competitive landscape central to ensuring government access to
best-in-class innovations. Recommendations that I expand upon
in my written statement include seven of the following:
First, reemphasizing the preference for government's
reliance on commercial solutions and continuing efforts to
remove barriers and streamline processes for acquiring such
solutions.
Second, broadening consideration of potential vendors' past
performance to include work performed for non-Federal clients
so that commercial best practices can be brought over.
Third, enhancing communication and collaboration within the
government and between the government and industry to include
improved communication among C-suite executives and one-on-one
discussions with potential vendors, as well as meaningful
debriefings with the bidders.
Fourth, greater reliance by agencies on statement of
objective instead of prescriptive statements of work and the
adoption of innovation templates that providers--provides
vendors with the flexibility to introduce innovations and focus
on them.
Fifth, encouraging vendors to provide demonstrations of new
capabilities and emerging technologies through the performance
of a contract.
Sixth is focusing on value over price by limiting use of
low-price technically acceptable evaluation criteria,
particularly where non-commodity services are sought.
And seventh, increasing use of downselects and multiple
awardee contracts that enable and focus on past performance and
capability instead of cost alone.
Additionally, to harness innovation and achieve IT
modernization goals and digital transformation, agencies must
be staffed with an acquisition workforce that is equipped with
the right skillsets and supporting resources. Unisys'
perspective is that our smartest clients are our best clients.
To that end, we encourage investment in the acquisition
workforce to bolster capacity to procure IT solutions
effectively.
Language in FITARA requiring the development of IT
acquisition cadres within the agencies is a step in the right
direction. Also, shifting leadership mentality that encourages
calculated risk-taking in agencies such as DHS is a very
positive development. We're supportive of the expansion of the
Procurement Innovation Labs across the government. We're
particularly impressed by DHS Procurement Innovation Lab and
HHS Buyers Club.
In summary, we at Unisys believe government can make
significant progress in addressing these technology challenges
by focusing on investments in modernization, improvement in
acquisition, enabling change in management and governance and
training.
This concludes my oral statement. Thank you. I look forward
to answer questions.
[Prepared statement of Mr. Puvvada follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Thank you, sir.
Mr. Hodgkins, you are recognized for five minutes.
STATEMENT OF A.R. HODGKINS, III
Mr. Hodgkins. Chairmen Hurd and Meadows and Ranking Members
Kelly and Connolly, thank you for the opportunity to share our
perspectives on challenges the Federal Government faces
regarding information technology investment acquisition and
management.
There are many stakeholders, including these subcommittees,
who should be applauded for their time and effort to reform
acquisition over the last few years. The technology sector,
however, has not found those efforts at reform to have had
substantial effect, and in many cases they have only resulted
in incremental changes addressing symptoms rather than the root
problems of the dysfunctioning government acquisition.
The IT Alliance for Public Sector has proposed to President
Trump that the time is right to change the way the Federal
Government acquires IT, and we would make the same suggestion
to the subcommittees.
IT modernization is the key to increasing cybersecurity for
government networks. Further, acquisition reform is essential
to modernized IT in the government and attain greater cyber
assurance. In other words, we cannot have cybersecurity without
IT modernization, and we cannot acquire the goods and services
we need for either of these goals without changing the way we
acquire IT. All three are inextricably linked.
As this committee has identified, we are using IT systems
that are now decades old. Many of the challenges with IT
acquisition lie in processes that anticipated lengthy
development to deliver a platform or solution for use over a
long period of time. But that dynamic no longer works for IT.
It capabilities and computing power are evolving and improving
faster than the government can follow, underscoring the
imperative for change. To deliver these new capabilities,
modernized IT and better secure the government's networks, the
time is right to reimagine the acquisition process.
We recommend four areas of focus for the committee to begin
the process of modernization and reform. Number one, assess and
inventory the technologies we have today. We do not have a
complete picture of the IT hardware and software the government
currently owns and is using. Such an action serves several
purposes. First, it uncovers exactly what the government owns
and is using; second, it determines where vulnerabilities may
exist and sets priorities for addressing them; and third, it
will reveal what needs modernization and help identify
solutions. Congress should use oversight to enforce existing
inventory requirements and establish new requirements where
there may be gaps.
My second point is to identify meaningful funding for IT
modernization. Last Congress, ITAPS strongly supported the
efforts by Chairman Hurd, Ranking Member Connolly, and others
to fashion a bipartisan means of funding IT investment, and we
encourage their continued focus on this problem.
The funding challenge Congress must resolve is that
agencies either have the appropriations to continue operating
the IT investments they have already made or fund investments
in modernization, but they do not have enough funds for both.
Without such a change, the Federal Government will be unable to
modernize IT or effectively protect networks and systems from
cyber threats.
Third, invest in a tech-savvy workforce. While there are
many smart and tech-savvy IT personnel within the Federal
Government, there are simply not enough of them. Congress
should focus on establishing better IT training and digital
capabilities for existing personnel to make them more tech-
savvy, regardless of their role. Congress should also work to
unencumber the Federal hiring process to attract new talent
that can bring new ideas into the Federal workforce.
My final point is that we should unleash the innovative
power of the existing industrial base and the commercial
sector. We already have innovation in the companies that sell
goods and services to support the government mission, but
government's unique compliance requirements on vendors distorts
what they can sell and how they can deliver it. For commercial
companies, such compliance requirements are often prohibitive.
Congress should address these burdens and remove those that
do not improve the acquisition outcome or derive better value
for the taxpayer. In other words, Congress should help make the
government a better customer.
Not all of these challenges can be addressed through
legislative actions, but many solutions and outcomes can be
driven through the oversight role that these subcommittees and
Congress can exercise. Additionally, much of what I have
identified requires cultural changes, some of which will not be
simple and congressional oversight of agency management can
help to drive those changes.
We did not get where we are overnight, and solutions and
modernization will not happen overnight either. However, we can
no longer accept that these challenges are too hard to address.
I encourage the committee and Congress to embrace and enable IT
modernization and all that it can deliver and reimagine IT
acquisition with us. We are ready to help with such an
undertaking.
Thank you again to the chairmen and ranking members and
members of the committee for the opportunity to present these
thoughts. My submitted testimony addresses these and other
related topics, and I'd be happy to address your questions at
the appropriate time.
[Prepared statement of Mr. Hodgkins follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Thank you, sir.
Ms. Lee, you are now recognized for your five-minute
opening remarks.
STATEMENT OF DEIDRE LEE
Ms. Lee. Mr. Chairman, Ranking Members, members of the
subcommittee, my name is Deidre Lee. I am the chair of the 809
Panel and a retired Federal employee. I submit my statement of
the record, and I will summarize for the committee.
A little bit of background first on the 809 panel. The
panel was established by the fiscal year 2016 NDAA and amended
by section 863(d) of the fiscal year 2017 NDAA. The amendments
specifically clarified the independence of the panel.
The panel, by statute, was authorized to focus on DOD,
although, as we all know, what happens at DOD often is
reflected across the government. But the main question is, is
the acquisition system as we commonly refer to it impacting the
ability of the Department of Defense to maintain--obtain and
maintain technological dominance, whether that be in our IT
systems, our weapons systems, or our back-office systems. How
is the acquisition impacting that?
Also, specifically in the statute we were to streamline the
system, improve efficiency and effectiveness, look at
appropriate buyer and seller relationships, and look at the
financial and ethical and integrity of Defense programs. It's a
big scope.
The panel was seated in August of 2016, and we have 18
commissioners, as we refer to them, which are appointed panel
members, and they are listed in the--my written testimony, but
I will just very briefly go through them: Mr. Dave Ahern, who
is a well-known program manager at the Department; Major
General Casey Blake, he is the head of Air Force contracting
at--currently; Mr. Elliott Branch, I'm sure the committee has
seen Mr. Branch. Mr. Branch is the head of the Navy
contracting; Al Burman, prior OFPP administrator; David
Drabkin, well-versed in GSA and also worked on the Pentagon
renovation; retired Vice Admiral Joe Dyer, well-known for his
program management; Cathy Garman, a prior staffer on the Hill
here; Claire Grady, the current defense procurement and
acquisition policy director; Brigadier General Mike Hoskin with
the Army who is Army contracting; Bill LaPlante, prior SAE;
retired Major General Ken Merchant from the Air Force; Mr. Dave
Metzger, who is practicing attorney and is well-versed in
protests and those--that realm of our oversight; Dr. Terry
Raney; retired Major General Darryl Scott, who is very familiar
with contingency contracting, served for us overseas; retired
Lieutenant General Ross Thompson, same, Army but contingency
contracting; Larry Trowel and Charlie Williams, previously
chair of the DCMA. So as you can see, we have a broad group and
a lot of work to do here.
Our panel has already formed eight teams, and they are
statute baseline. We were specifically told to do that and
we're doing that. We have streamlined the acquisition process.
We're looking at commercial buying. We're looking at barriers
to entry, successful programs, information technology
acquisition, and budgets, fiscal constraint, and then workforce
has been mentioned here.
As you know, we do have an IT acquisition team formed a
bit--over a month ago so it's too early to give you specific
results. And I could and would like to spend a great deal of
time talking about what we've found in each committee, but
there simply isn't time and that's not the focus of this.
We have met with over 100 people, meetings, associations,
but I can tell you that there are four recurring themes that we
see, and they're covered more in depth in my testimony, but I'm
just going to name them here.
We--our themes that we see are we need to execute to
mission mentioned by almost every one of my prior testimony. We
are sometimes more engaged with other nice-to-do but ancillary
actions that impede our mission. I think Chairman Hurd covered
that quite well.
We need to simply everything. Often, we talk about the big
programs and the big dollars, but simplifying the little
transactions matters, too, and we have just simply too much
regulatory underbrush that needs to be cleared out, modernized,
updated.
We need to value time, and I'm going to go a little bit
over what someone said here. It would be nice to turn the
technology in three years and completely renovate, but it takes
us two years to issue a contract. How are we going to get
there? This has got to be reduced. We treat time with disregard
and that has to change.
And then the last one I'm going to mention here is we need
to decriminalize commerce, and we can discuss that further
should you care.
None of this is new. Our point right here is we need to go
bold. The time of nibbling around the edges, making minor
adjustments is well past us. What our committee--what our panel
is going to come up with is going to be in many cases
controversial, and it will probably impact some very
specialized groups. The time is now. We're blocking our own
ability to reach technology.
[Prepared statement of Ms. Lee follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Thank you, Ms. Lee.
I would now like to recognize Mr. Hice for five minutes of
questioning.
Mr. Hice. Thank you, Chairman Hurd. I appreciate it a great
deal.
I think all of us know just based on your testimony there
have been a number of failed IT projects in the Federal
Government. And many of these projects go on for years and
years and years before someone finally steps in and stops the
bleedings. And the examples are abundant. One of them that
comes to mind is a VA. For years, they tried to develop an
integrated financial and asset management system across the
agency. In 1998, they made their first attempt at this project.
Then, they terminated it six years later in 2004. So 2005 rolls
around and they decide to try it again. As recent as 2009, they
had planned to deliver a fully operational system by 2014, but
all of it was terminated in 2011.
That program was $609 million. And the examples are on and
on and on. NASA, NOAA, and DOD, $15 billion project that lasted
over eight years before it failed. It goes on and on and on and
on.
So, Mr. Powner, let me begin with you. Why do so many of
these projects fail?
Mr. Powner. So there are some common themes on all these.
The VA systems you talked about, the requirements were poor.
They had a very poor schedule. There's also a lack of focus on
delivery.
The combination of the DOD/NOAA satellite acquisition, we
started off on that, requirements weren't good, the complexity
was far too much. We finally settled on a satellite that had
far less sensors. So this gets back to some basic things that
FITARA's trying to do. If these agencies would go smaller in
more incremental bites, we would deliver a lot better. It would
be easier to define your requirements in smaller increments and
deliver in smaller increments. I think that's key.
Also, too, with some of these programs there wasn't real
clear accountability. I think with what you're trying to do
with FITARA where the CIOs are in charge, one of the comments I
made in my opening statement is we just recently talked to all
24 CIOs and only eight of them told us that I have the
authority to cancel one of these troubled programs. So two-
thirds do not have the authority to cancel a troubled program
in their department or agency. We still got a lot of work
there.
Mr. Hice. Okay. So lack of accountability and biting off
more than they can chew basically you say.
Ms. Lee, let me ask you this, just kind of piggy-backing on
what Mr. Powner said, why in the world does it take so long to
fail? I mean at some point--does it take eight years to figure
out this thing is not working? Does it take $15 billion or--why
does it take so long to fail?
Ms. Lee. It should not. You know, that's the basis of what
are your measures, at what increments, who's looking at these
things, how is your contract structured, and the ability--and I
think it was very well said--the ability of people to raise
their hands, speak up, and say something's not going right and
actually have an impact.
Mr. Hice. So who is responsible to raise their hand and say
something's not going right?
Ms. Lee. It certainly depends on the program. If we're
talking large programs, there's usually a program manager who's
in charge of that, and he's usually--he or she's usually
surrounded by a team.
Mr. Hice. All right. So the program manager is where the
buck stops in your opinion ----
Ms. Lee. In my ----
Mr. Hice.--your testimony, okay. So ----
Ms. Lee. For large programs, for large--some are smaller --
--
Mr. Hice. Well, sure. Yes, but the larger programs I think
is primarily what we are zeroing in here.
Mr. Spires, you led the IRS Business Systems Modernization
back in '04. You have had a lot of experience with all this. In
your opinion, why do these projects fail?
Mr. Spires. Well, pick up on the themes here but even what
some more points on this, it is the program management's--
manager's responsibility and his or her team to drive a
program, but what I have found too often in government is that
the program manager really is not given the authority, right,
many times, and there's not a decision-making, a governance
model at the highest levels of the agency to effectively guide
and to help the program manager. So I've actually reviewed
programs, sir, where you literally have had program managers
being pulled different directions by different senior leaders
in the organization. That's a recipe for failure.
I have found over and over in reviews of programs, probably
reviewed more than 100 major programs in U.S. Federal
Government that we usually have failure when a combination of
not having the skilled program manager and the team that's
supporting that program--and I'm talking about government
people here. This isn't just about contractors, government
people. And we don't also have a good governance model that's
set up so you have the right people together to be able to make
the right decisions. And time and time again, that's where I've
seen failure.
Mr. Hice. My time is expired, Mr. Chairman, but there is a
real key here with these project managers and a lack of
accountability and this whole structure, that there is a major
breakdown there. Ms. Lee, your comments about the
criminalization of commerce, I would love to hear you go deeper
into that situation as we had time. But thank you, and I yield
back.
Ms. Lee. Mr.--if I may, on one of the things we're seeing
from the 809 panel is certainly what was said here about the
team around the program manager, but that team has all got to
have the same driving goal, which is achieving performance and
results. Unfortunately, we are seeing many conflicting goals.
Someone who's specialty has--you know, they really have to
drive home their test or someone else who's focus is on
something else. And that confluence of competing priorities
does impact a program.
So one of the things we're seeing from a panel standpoint
is we may recommend it--we're not at recommendation stage yet--
but to say we need to boldly declare that the purpose of an
acquisition system is to buy the right thing timely at the
right cost. The other nice-to-do, good-to-do are secondary
goals and must be managed as such.
Mr. Hurd. Thank you. I would now like to recognize Ms.
Kelly for her five minutes.
Ms. Kelly. Thank you. It seems the moment you buy the
latest smartphone, the next model is already out and twice as
powerful as the one you bought before. If this is hard to say
current with one personal device, imagine the difficulty of
keeping current with the vast information technology portfolio
that GAO projects to reach $89 billion this year alone.
Ms. Lee, this is a problem you have seen as part of your
work on the Section 809 Panel, which you have described to us.
How do you think this panel will be different from so many
other acquisition reform commissions of the past so that are
not simply identifying a problem, which you have done so well
and others, but are actively working to solve them?
Ms. Lee. Ms. Kelly, that--thank you for that question. One
of the things that we've been instructed very clearly from
meetings with our constituents and in fact some of the stuff is
we want to be more 809 Panel-esque, and if you recall the 809
Panel delivered as part of the report actually line-in, line-
out language so that as you deliberate--you the Congress
deliberate and say, yes, we think that's a good idea or no, we
don't like that one, but we've actually shown you how we
believe--if it's statutory, you know, and we are doing the
trace-back of all the regulations to the statutory base if
there is one. If not, where did it come from?
So some of these recommendations may be able to be made
regulatorily, but some of them, and a good number of them, do
have statutory base. So what we're offering forward in our
report will be that detailed last--not last mile, last inch of
a report.
Ms. Kelly. Thank you. When Clinger-Cohen was passed, the
internet was will an emerging consumer technology. The way we
use and buy technology has dramatically changed since the mid-
'90s and government is relying on a 20th century procurement
system to acquire 21st century technology. How can this panel
ensure its recommendations are technology-neutral enough to
accomplish both today's information technology and whatever may
become possible tomorrow?
Ms. Lee. Ms. Kelly, my mantra for this panel that gets some
people's attention and makes a lot of people nervous is go
bold. If we don't give you bold recommendations, we will have
missed the mark. And we are looking at things such as that
question. Is the competition of the 21st century the same as it
was when some of the--when the Competition in Contracting Act
was enacting? Maybe competition occurs differently, maybe at a
different level, maybe in a different format, which would
significantly change how we contract.
We are looking at what I call remedies. We have a very
robust protest system. Is that the correct remedy approach for
both the government and industry? Extremely controversial area.
We are looking at and asking ourselves, okay, we have a lot of
good socioeconomic policies. Individually, they're all good
things to do. Collectively, they're crushing. And we're looking
also at the underbrush. We've found some very anecdotal things
right now but some, you know, little things that we're putting
clauses in contracts and, as Mr. Hodgkins mentioned, a new
entrance going--is going what's this? I have to sign up to
these 155 things? And oh, by the way, you'll get back to me in
two years?
We've actually met with some people on the West Coast who
said a quick no is better than a tortuous yes and that our
system is a tortuous system. And those are for people who we
kind of want to do business with, and they look at us as a very
risky and perhaps unattractive ----
Ms. Kelly. Right. Have you happened to find any best
practices in your work on the Section 809 Panel that can be
applied to other agencies? Or it sounds like not really but I
will give you a chance.
Ms. Lee. Well, we're early. We do have a team that is
looking at mostly major weapons systems. Obviously, there's the
big dollars but smaller number of transactions. We're also
looking at the smaller dollars with larger numbers of
transactions, but even in DOD, smaller dollars is hundreds of
millions of dollars. So what we've found--we've got one team
looking for an odd approach, what went right and how can we
replicate that across other buy systems processes? And if we
can, why don't we?
Ms. Kelly. And, Mr. Spires, do you think the Section 809
model can be successfully applied to other agencies?
Mr. Spires. Well, let me--you know, it's good you asked me
that because I was just thinking not all programs and projects
are alike, right, and there are very specialty things about IT.
The good news about IT is that the technology and the methods
have evolved so--Mr. Powner was talking about incremental,
whether using, you know, agile development techniques or the
like. I'm a huge believer--and in fact, the more complex you're
trying to build an IT system, the more you should be doing
prototyping and piloting up front so that if you're--if you've
got an architecture--a technical architecture that's not going
to work, you find that out early in the program. Okay. These
are some of the mitigation technologies, approaches that you
can use in IT that, you know, may be applicable to other areas.
So I'm--you know, the 809 Panel, I'm really interested to
see what they come out with, and I'm sure some of their things
will be very beneficial, but you also need to make sure that
it's specific to IT acquisition and various types of IT
programs.
Ms. Kelly. Mr. Hodgkins, is there anything government is
getting right with IT? Quickly, quickly.
Ms. Lee. You get the hard questions.
Mr. Hodgkins. Yes. Thank you, Ms. Kelly.
Yes, I mean, given the constraints that the current
workforce has to work under, they're doing an exceptional job
of keeping antiquated systems functioning on really critical
mission areas. You know, we target our nuclear systems with
decade-old mainframes. We keep the Social Security system and
the IRS systems running on decades-old mainframes. And with
what they have to work with, they're probably doing a--I would
consider exceptional keeping those old systems functional.
And there are pockets where we're having the opportunities
to make improvements. There was discussion about the innovation
labs; 18F has made some progress in some areas. USDS has made
some examples. And we need to figure out how to take some of
those activities and scale them more broadly.
Ms. Kelly. Thank you.
Mr. Hurd. Mr. Russell--my intention is to get through
Russell, Connolly, and I, so please, let's keep it to five
minutes so that we don't make our panelists wait any longer
than they have to.
Mr. Russell, you are recognized for five minutes.
Mr. Russell. Thank you, Mr. Chairman. And thank you for
being here today. If this were an easy problem, we wouldn't
have five witnesses, and the expertise that you bring is
significant.
Ms. Lee, in your testimony, you have both stated and
alluded in your comments that for many, the benefits of doing
business with government are not sufficient to offset the
associated risks. And, you know, that is precisely the
environment we don't want to create. We want to try to solve
problems with industry and innovation, but it becomes too
difficult to work with government.
But you also mentioned criminalizing commerce. Can you give
some examples of that?
Ms. Lee. We treat every--people are going to make
transactions, they're going to make tradeoffs, they're going to
make decisions. We treat many decisions when something goes
wrong as if it's a very nefarious action. You think about from
an industry standpoint when I was in industry an error on a
bill or a billing error can carry with it treble damages, and
each invoice is counted as a separate act. It's oppressive.
I'm all for ethics, integrity, and good governance, but
putting so much fear in the system that we scare away not only
good partners but good people, we've got to look at what really
business transaction we're trying to achieve and how we can
make sure that the system is fair but not so onerous that
people can't or won't participate.
Mr. Russell. Who would make that determination to provide
that type of latitude? Is that something statutory or is that
something that we give the judicial branch latitude? Or what is
the fix, really anybody?
Ms. Lee. That's what we're digging into, and very--too
early for me to speak for my 18 commissioners, but we do need
to look at ----
Mr. Russell. Well, you raise an excellent ----
Ms. Lee. Purpose?
Mr. Russell.--point. Right.
Ms. Lee. Process. We need to look at some of the oversight
process. We need to look at some of the audit process. I will
give you a personal example. When I was up and coming in
acquisition, the auditor was my friend. I went to them and said
can you ----
Mr. Russell. The auditor is ----
Ms. Lee.--help me?
Mr. Russell.--never your friend, Ms. Lee, right?
Ms. Lee. Yes.
[Laughter.]
Ms. Lee. You know, can you help me get this right? We had
internal auditors. Now, that is all changed, and the people
trying to do the right thing are staying a mile away ----
Mr. Russell. Sure.
Ms. Lee.--from the auditor.
Mr. Russell. Yes. Well, and, you know, like we often joke,
nothing is so hard at government that we can't make harder, and
I think we see an example of that.
You also spoke to the effect of going bold and that to do
otherwise is to put our military's mission at risk. Could you
explain and elaborate a little bit more on the impacts of the
mission? I mean, Mr. Hodgkins also talked about, you know,
using eight-inch floppy disks for our nuclear defense, you
know. Gosh, I guess that is one way to be secure from cyber
warfare as we use systems that nobody has anymore, you know,
they don't know how to acquire. But, you know, these are some
of the problems. But would you care to speak a little bit to
that?
Mr. Hodgkins. Well, the systems that you're discussing, we
shouldn't jump to judgment that all the systems we have in
place need to be replaced. That's not the case. We do connect
systems that were never designed to be plugged into the
internet to the internet, and that creates vulnerabilities. But
there's different systems with different mission needs, and we
have to look at it. That's why I suggested that we need to do
that inventory. And then we can figure out exactly what
everyone owns and what they're using it for, what software it's
running, what is the mission need, and it also will lend itself
to identify solutions about we need to modernize this and we
need to leave that one in place.
Mr. Russell. I appreciate that. And, you know, on this
committee all of us are really dedicated to that. In fact, it
was this committee, Mr. Cartwright and myself, that authored
the MEGABYTE Act, you know, that gave latitude to agencies to
be able to use suites of software rather than buy entire
packages for portions that weren't being used. I don't know if
that has had any impact or not, but, you know, it seemed like a
no-brainer. And, you know, by all estimates it was supposed to
save $4 billion.
And so I understand maintaining legacy systems if they're
in a unique niche that really--you know, you don't want
anything else to share, but is that the approach that we want
to take when we can consolidate--the CIOS--if you were to read
Senator Cohen's testimony, I mean, it sounds like today--Mr.
Spires?
Mr. Spires. Well, yes, Mr. Russell. I would weigh in here
that--back to my point about going bold. I mean, I have said we
need to go bold on IT infrastructure in a big way. You know, I
ran the systems at IRS for a while. I was the CIO there. And,
you know, we're not going to replace tens of millions of lines
of COBOL code any time soon. That stuff's going to continue to
run. But what we can do is modernize the infrastructure that
that stuff runs on, move much more to the cloud infrastructure
because the security models are there now. And I think we save
a lot of money. We simplify a lot of things, which is a big
part of the issue. We consolidate tremendously. And then you
can go after and tackle these--a lot of these legacy
applications that are really going to be very difficult to
replace, you know, any time soon. But at least you're running
on modern infrastructure. Your cybersecurity posture is much
improved. So that's a go-bold approach.
Mr. Russell. Thank you. And thank you, Mr. Chairman.
Mr. Hurd. Thank you, Mr. Russell.
The gentleman from the Commonwealth of Virginia, Mr.
Connolly ----
Mr. Connolly. Thank you, Mr. ----
Mr. Hurd.--five minutes.
Mr. Connolly. Thank you, Mr. Chairman.
Ms. Lee, I have got to say you have added some bon mot to
the Federal language. I mean, to refer to something as a
Section 809 Panel-esque, not quite 809 but close, and then the
auditor is your friend. I mean--well, I know, but just hearing
that is sort of like--I am here from the government and we are
here to help you. Anyway--but thank you. I appreciated very
much your testimony, and it is great to see old friends at this
panel.
Mr. Powner, you were at an event the other day or maybe a
hearing where you talked about some of the sunset provisions in
FITARA that we need to address, and chief among which was, for
me, the data center consolidation ----
Mr. Powner. Yes.
Mr. Connolly.--sunset provision, which for some strange
reason closes the door in 2018 at the very moment we are
finally beginning to make progress. Your recommendation?
Mr. Powner. So I think clearly you need to extend that at
least several years on data centers. And the reason I say that
is if you look at optimization metrics, right, we want to save
money, we want to optimize centers, only about a third of the
24 departments and agencies will meet like four to five of the
key optimization metrics. The other ones are self-reporting
that they're going to be nowhere near that in 2018.
So what does that mean? We need to give them a little more
time to save money, to meet these optimization metrics. But I
think there is a fundamental question--I agree with Mr. Spires
on this--on infrastructure. We started this in 2010. It goes
through 2018. If you extend it a couple of years to 2020, if
you can't meet optimization metrics in 10 years, they should be
out of the business. We should go to cloud solutions. I agree
with Mr. Spires on that. Ten years is a long period of time,
and at some point you got to say maybe you shouldn't be in the
business of running data centers. Let's give them a chance to
see what happens, but we need to think about that.
Mr. Connolly. Ms. Lee, that sounds like going bold to me.
Ms. Lee. Time matters.
Mr. Connolly. Yes.
Ms. Lee. We've come to the point where we've seen--as I
said, we treat it like a valueless, endless commodity when,
especially in technology, things turn so quickly, and yet we're
content to make very lengthy contracts and very ----
Mr. Connolly. By the way, we need you looking at FedRAMP.
Time matters. It is supposed to be like six months and a
quarter of a million dollars. It is now up to two years and $4
or $5 million. You know, unacceptable and we are going to have
to look at that at some point if they can't fix it
administratively.
Mr. Spires made a number of recommendations in terms of--
well, I think two recommendations in terms of adding to the
scorecard. And, Mr. Powner, your reaction to those
recommendations?
Mr. Powner. Yes, I think, you know, his suggestion on the
commodity--the way that we measure the commodity area, that's a
potential--I mean, a lot of this, as you well know, it's based
on available data. We're open to that.
I do think, though, when you look at the Federal workforce,
this was discussed earlier, I think assessing each agency on
how they assess and address their Federal workforce needs,
including the cyber area, that's key with the 2015
Cybersecurity Act. I think that's another key area because it's
also about the people and do we have the right people on board.
Mr. Connolly. Yes.
Mr. Powner. It's something we'll work with your committee
on.
Mr. Connolly. Unfortunately, we are running out of time
because of votes, and I promised the chairman I would stick to
five minutes. I am in fact sticking to three-and-a-half. I
yield back the balance of my time.
Mr. Hurd. You all saw it here first.
[Laughter.]
Mr. Connolly. No good deed goes unpunished in this city,
you know?
Mr. Hurd. Thank you all for being here. There has been
probably four or five topics that--and just you all's quick
comments that we can follow up with the scorecard. So thank you
for that. And you have helped me--one of the things as we are
looking at a project on what I have been calling the Cyber
National Guard, one of the problems we have is what are the
needs in the various agencies when it comes to the IT staff,
right? What positions, you know, what certifications are they
going to need in order to come straight in? And so having that,
you know, addressing that need across the spectrum is
important.
Mr. Puvvada, a couple of questions for you. GSA maintains
the schedule contracting, which accounts for more than $30
billion in annual transactions. What do you see as the pros and
cons in this system? And also, your company is no longer
participating in the GSA schedule contracting. Can you talk
about what led to that?
Mr. Puvvada. Sure. So there is a benefit to having a
standard set of offerings that could be leveraged across the
government whether it is schedule for services or schedule for
product. The problem comes with what Ms. Lee and Mr. Hodgkins
talked about is onerous reporting requirements to have most
favored pricing, which is very hard to do for global
corporations that provide services and solutions that cross,
you know, several industry sectors.
What happens is there are particular elements of solutions
that we offer, for example, similar to several other companies
that there is no way to keep track of that. For example, the
price we offer for a particular product is in the context of a
bigger solution element. So we have no way of most often
keeping track of the cost. So we chose not to participate on
the product list because we would spend an inordinate amount of
time reporting and keeping track of it and also I pick up on
the decriminalization aspect, which is the penalties that are
acquired are very onerous.
So we'd recommend that GSA take a look at a more balanced
approach in trying to look at it from the perspective of how
could I get the innovation and get a good value for the
government but not necessarily go to the level of detail that
is required to provide reporting and be consistent about it and
have a contextual understanding of how they're assessing the
best price that they get.
Mr. Hurd. I do copy. In your opening remarks you identified
two entities that were examples of positive--the Procurement
Innovation Lab in DHS and the HHS Buyers Club. Is that what you
said ----
Mr. Puvvada. Yes. Yes.
Mr. Hurd.--Buyers Club? Can you talk to me about--you know,
take 45 seconds, a minute and explain why you highlighted those
two?
Mr. Puvvada. So both of these organizations have a similar
profile. So what the leaders within the organizations are doing
is providing a--an innovation approach in contracting where
they're allowing risk-taking and come up with a modular
contract and best practices and giving air cover to the
contracting officers and encouraging innovation and doing
experimentation and really focusing on the outcomes as opposed
to the products.
So along with that comes recognition for people that do
really well called a badge, Pell badge. So that is an
important--along with, you know, rewards and recognition that
becomes an important element, and that gets a lot of traction.
So what we made the recommendation is that that be widely
adopted and not a whole lot of management, you know, overhead
that is required to take some of those kinds of things and
encourage that risk-taking and cut down that contracting time
is what Ms. Lee was talking about, taking two years to get a
technology.
Mr. Hurd. All right. Mr. Hodgkins, assessing inventory, it
is crazy to me that every time we do another, you know,
scorecard, we find a new database, we find a new server farm,
we--you know, oh, wait, we actually have four connections to
the internet and not two. Assessing inventory, why is it so
hard and what--you know, this is something that we should--
every agency should be able to do in how many months?
Mr. Hodgkins. Well, I mean, we would suggest--and we worked
with your office and Ms. Kelly in particular last year around a
concept to do inventory that, you know, the government can do
this job in a relatively short order. There are some short time
frames of a year or less for some of the actions in that
proposal and suggestion.
The challenge you have is that different agencies treat
those requirements in different ways. Different people define
and interpret requirements. We saw this with data center
consolidation. The first rollout defined a data center as X, Y,
and Z. well, agencies work to make sure their data centers
didn't fit in that metric. And so the CIO's office or others
would define that more explicitly, and agencies would then
again work to exclude data centers to where we have square
footage requirements trying to get at the guy who's running a
server in a closet somewhere. So we have that kind of activity
going on in the context of trying to expose some of this and
drive toward data center consolidation. That's one example I
can point to.
And I think that we have to come up with incentives for the
agencies to expose this information and then act effectively
around what the agencies need to be doing with the directions
and metrics that Congress and OMB would be setting.
Mr. Hurd. That is helpful.
And, Mr. Spires, final question for you. When we get MGT
passed, what is going to prevent--what is going to get in the
way of truly utilizing where a CIO can--when they doing
something and they realize savings, what are going to be some
of those barriers that CIOs are going to have in actually
achieving what we are trying to do with MGT? Is that a fair
question, sir?
Mr. Spires. Yes, it is definitely a fair question. I guess
a couple of points on that, I think you're going to find that
many CIOs--I mean, this whole model that says we should be able
to realize savings through efficiencies and reinvest, right, in
more modernization. I think you're going to have a lot of
issues with that, and that would include up to Congress and
Appropriations Committees, right, because of the way the
budgeting structure works. So you're going to have that set of
issues that goes through OMB up to the Hill.
You're also going to have a situation where--another big
part of it that I really like is this idea of having these
working capital funds so that you got some more budget
flexibility for the IT organizations to be able to work. I
mean, running major programs in my past, it was beneficial,
like when I was at the IRS, to have three-year working capital
fund money so that we could plan these projects out and have
some assurance that we're going to have sustained funding. I
think as long as the Appropriations Committees up here can work
with the agencies to make sure that model works well, that's
great.
I don't think that's where the big problems are, though,
Mr. Hurd. The big problems are still going to be back to the
authorities issues back to, you know, the fact that--and it's
in--and I always like to say it's not about the CIO owning
everything. It's about the CIO working collectively with the
mission owners, with the other CxOs to be able to effectively
deliver IT.
Mr. Hurd. And that is why we go forward with FITARA
implementation we are going to have CIOs, CFOs, agency heads in
front. You know, I know the White House is very committed to
making sure that the agency heads understand the role of the
CIOs and the CIOs have all the responsibility they need since
we are going to hold them accountable. And that is something
that has been very clear coming out of this White House, which
I think is fantastic.
I want to thank all of you for being here to appear before
us today. There has been a lot of information that we can
integrate into work that we are always doing in areas that you
all talked about where we can continue to shine an additional
light.
So I ask unanimous consent that members have five
legislative days to submit questions for the record. And
without objection, so ordered.
There is no further business. Without objection, the
subcommittees stand adjourned.
[Whereupon, at 3:21 p.m., the subcommittees were
adjourned.]
APPENDIX
----------
Material Submitted for the Hearing Record
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
[all]