Cspanstore. Org. Next, a look at efforts to modernize Information Technology across government agencies. The House Oversight subcommittee hearing includes the chief Information Officers from the governmental accountability office, the office of Personnel Management, the white house budget office, and the education department. This is about 2 1 2 hours. Begin in 5, 4, 3, 2, and 1. Welcome, everybody, to the subcommittee on government operations. And our 10th hearing on fitara. Before we begin, pursuant to house rules, most members today will appear by webx remotely. Since some members are appearing in person, or at least this member is, let me remind everyone that pursuant to the latest guidance, all individuals attending this hearing in person must wear a face mask. Im dropping mine only to speak. Members who are not wearing a face mask will not be recognized. Let me also make a few reminders for those members appearing in person. Youll only see witnesses appearing remotely on the monitor in front of you. When they are speaking in what is known as webx active speaker view. A timer is visible in the room directly in front of you. For members appearing remotely, i know youre familiar with webx by now, but let me remind everybody about a few points. First you will be able to see each person speaking during a hearing whether theyre in person or remote as long as you have your webx set to active speaker view. If you have any questions, Contact Committee staff, and they will try to be helpful. Second, we have a timer that should be visible on your screen when youre in the active speaker with thumbnail view. Members who wish to pin the timer to their screens should Contact Committee staff for assistance. Third, the house rules require that we see you, so please have your cameras turned on if youre on remotely on webx during this hearing. Fourth, members appearing remotely who are not recognized should remain muted to minimize background noise and feedback. Fifth, ill recognize members verbally, but retain the right to seek recognition verbally in regular order. Members will be recognized otherwise in seniority order for questions. Lastly, if you want to be recognizedout outside of regular order, you can be identified in several ways. You can use the chat function. You can send email to majority staff. Or you can unmute yourself to seek recognition verbally, though thats the least preferable way to do it. Obviously we dont want people talking over each other. I will begin with my Opening Statement. Mr. Hice, you are on remotely. Yes, sir, im here. Okay. Were glad youre there. I know youre in selfquarantine, and i i know youd prefer to be here physically, but i am really glad we have the hybrid remote option so that you can participate fully in todays hearing and hope everythings going to be okay. And ill call upon you as soon as i finish my Opening Statement for any remarks you may have. Today marks the 10th hearing examining agencies of the federal reformat known as f fitara. Im happy to announce that this steady oversight has produced the first scorecard in which all agencies received a passing grade. This achievement is a testament to the hard work of federal agencies chief Information Officers and also a testament to, i think, this committee and subcommittees steady and bipartisan oversight of fitara since we enacted it in 2014. This isnt just about passing grades. These grades represent taxpayer dollars saved, better Mission Delivery and serving the nation more effectively and efficiently. And during this pandemic, weve come to realize how vital good i. T. And strong i. T. Governance are to federal government and the people we serve. And we certainly have seen limitations because of lack of i. T. Investment, whether it be with the Small Business administration or the struggles of the irs to provide personal checks to all citizens and dependents in america. Weve also seen limitations in the unemployment systems in the 50 respective states. So, it underscores how important these investments and this kind of improvement really are. In november 2014 when we first introduced the fitara scorecard rkts i said i hoped this would be a second in the series of Committee Hearings our agency hopes to gauge the transformative nature of fitaras reforms. Five years later, the benefits of continued oversight are clear and one would be hard pressed to find sustained bipartisan Congressional Oversight Initiative on its 10th installation. These 24 agencies have made real improvements on the scorecard, and i think were putting it up over there on that screen. Over a period of time. In the november 2015, the average fitara grade was a d across all participating agencies. This year, for the first time, no agency received a d, and no agency, of course, received an f. As i said before, these improvements represent Vital Services delivered and dollars saved. Among the fitara scorecard categories with the greatest impact is the i. T. Portfolio review process known as portfolio stat. This process enables agencies to reduce commodity i. T. Depending and demonstrate how i. T. Agencies align with the business function. Portfolio stat went from helping federal agencies save 3 billion in fiscal 2015 to 20 billion this fiscal year. When the software was added to the list, 21 out of 24 agencies received an f grade for that metric. Now 23 out of 24 agencies have as and have an inventory of Software Licenses and use that inventory to make costeffective decisions and avoid duplications. Federal agencies are also closing and consolidating more data centers, resulting in significant cost agencies. 4. 7 billion in cost savings from fis sal years 2012 through 2019. Those agencies have also reported plans to save more than 264 million in this fiscal year alone. At the very first fitara hearing, a witness stated that i. T. Is no longer just the business of the cio. Rather i. The is everybodys business. Never has this been clearer than in the wake of the coronavirus pandemic where i. T. Has saved thousands of lives by enabling people to telework and keep the government and economy running while preserving their own health and safety. Weve seen first hand how the agencies that continued to use outdated i. T. During the pandemic prevented the delivery of Government Services when the public needed them most. Back in 2015, i caution that the fitara scorecard was not to be considered a Scarlet Letter but a point in time snapshot to be able to measure progress and incentivize it. Five years and tense scorecards later, were now at a point in time where all agencies have received passing grades. The first time ever. Fitara 10. 0 marks the point at which we can reflect on five years worth of progress. Initially the fitara scorecard consisted of four metrics including data center consolidation, i. T. Portfolio review saving, incremental project development delivery, and Risk Assessment transparency. Since then, the scorecards success has led this subcommittee to incorporate other aspects of federal i. T. Into the grades. Our framework is not rigid, but like the best of i. T. , it evolves. We augmented and changed the scorecard to examine other key components such as Cyber Security and incorporated constructed feedback from agencies and cios. Today the scorecards grades adapt frd three additional pieces of legislation including the megabyte act, the modern sizing Government Technology act and the federal Agency Security management act. The bottom line is that the fitara scorecard continues to hold agencies accountable and show the American People that they deserve the best i. T. Has to offer. Yet all agencies still have work to do. Today, 2 3 of graded agencies of cios report directly to the head or deputy of the agency. Its true that more cios are finally getting a seat at the table with other c suite positions. But well hear today none of the 24 graded agencies have established policies that fully address the role of the cio as called for my federal law and guidance. We must continue to work to ensure that all cios excuse me have the authority and policies in place to be able to properly do their jobs. This hearing will discuss which existing metrics have achieved their goals and which might need to be considered for retirement. Well also start a careful discussion about what metrics might be incorporated in future scorecards to continue to improve i. T. Across the government. In other words were going to continue this scorecard. Today, i hope to hear from our witnesses in gao about what it takes to continuously improve and use i. T. Acquisition and Management Practices to do that. What powers and authorities might cios in government need to improve government i. T. . And in return what transparency will be provided to congress and the public to ensure the new powers are effective. We must consider to see the dividends for resources toward modernizing legacy systems, migrating to the crowd and strong posture. With the coronavirus, the states for effectively implementing fitara are perhaps higher than ever. When executed well, government i. T. Modernization can ensure the efficient delivery of critical services, improve the governments knowledge and Decision Making and save lives. When executed poorly, it can unfortunate unfortunately lead to outright failures in serving the American People when they need the government the most. Simply put, the fate of the Worlds Largest economy, its no exaggeration to say, rises and falls with the ability of government i. T. Systems to deliver in an emergency. The importance of federal agencys effective use of i. T. Is too great to ignore, and this subcommittee will continue its oversight of agencys i. T. Acquisition and management as we move forward. With that, i call upon the Ranking Member for his Opening Statement. Thank you, chairman conley, and thank you for holding this hearing today on the 10th fitara scorecard. As you well know, this is literally been a bright spot of bipartisan work for this committee. And i look forward personally to continuing to see the development of the scorecards usefulness as it relates to federal i. T. Reform. I also would like to take just a moment and give a shoutout of thanks to the outgoing federal chief Information Officer suzette kent. Shes been extremely dedicated in her service is deeply appreciated. As you well know, enhanced cio authority is one of the pillars, literally, of the fitara, the whole system. And ms. Kent has just done an outstanding job with her leadership and enthusiasm to really help drive some of the i. T. Modernization efforts that have been outlined in the president s management agenda. So, were grateful for her leadership and service and hope to continue to build upon the initiatives that she has championed. But as you shared, chairman, we are here today to discuss the 10th fitara scorecard. Agencies have really made tremendous progress, as you well mentioned, over the past five years, and i wantfive years. I want to congratulate them on their dedication to improve the i. T. Procurement and management processes. A job well done. Some of the things we have seen and accomplished over the last several years include, as you mentioned mister chairman, savings of literally billions of dollars. We have increased transparency for risky i. T. Investments. And of course, the elevation of the sea i owe position and authority within the agency. For all these successes, we are very grateful for what has been done. Obviously, there is more yet that needs to be accomplished. I would suggest some of those things we need to continue to update the metrics so that they better and more effectively match the i. T. Management and implementation practices that are actually being used today. I also think it is imperative that we, as a committee, put in place the right kind of incentives to bring about i. T. Modernization and scale as it relates to the pandemic. I think this is really highlighted to us and exposed the heavy reliance that we have on some legacy systems and some longstanding technology problems. We need to find ways to get agencies to move the needle on some of these crucial issues. I think lastly, we need some forward looking metrics to help modernize government as a whole. I think some of those things would include, moving forward as it relates to citizen experience. I think you actually referred that mister chairman and i think its important we move in that direction. Enhancing the skills of the federal i. T. Workforce. I think we need to continue looking towards, and also just overall, moving towards a more agile and secure Cloud Computing environment. All these things i think are extremely important, that we keep moving towards them. So i look forward to hearing from our witnesses today. I want to thank them all for being here today. We appreciate your time and expertise that you will bring to the table. With that mister chairman, i will yield back. Thank you, sir. Thank you mister hice. I also want to thank you personally. You and i have talked about this, this subcommittee has always had a strong bipartisan thrust, especially on this subject. I worked closely in writing fitara and expanding on it will and having these hearings on the scorecard as well as with mr. Meadows, now chief of staff to the president of the United States. Youve pledged to do the same and i very much appreciate that and look forward to continue going to work with you i hope youre okay and healthy in georgia. Thank you for your remarks. Miss harris, if you would unmute yourself in order to be sworn in. It fired three witnesses who are here in person would rise and raise the right hands. Do you swear or affirm that the testimony you are about to give is the truth, the whole truth and nothing but the truth so help you god . Let the record show that all of our witnesses answered in the affirmative. Without objection, your written statements will be part of the record. I now call on carol harris, director of i. T. Management issues at the Government Accountability office to give us her summary testimony. Welcome miss harris. Thank you chairman connolly. Ranking member hice and members of the subcommittee. I would like to thank you and your excellent staff for your continued oversight of federal ip management in cybersecurity with this tent set of greats. It hasnt been nearly five and a half years since fitaras enactment and your scorecard has served as a good barometer to measure progress of its implementation. During this time period, the agencies have made significant progress. In this latest scorecard there is one a, nineties and 14 seas. As you mentioned, this is the first scorecard in which all 24 agencies received a passing grade. This is huge considering only seven agencies at passing grades in the first scorecard. In addition, the agency with the greatest transformation has been the department of education. Moving from in f to a b . I will focus my remarks on a look back on the progress made since scorecard one. Where things stand now and where we need to go. First, Agency Progress made. I will start with Incremental Development. A number of major i. T. Projects utilizing Incremental Development has increased from 58 to 76 . In addition, the level of transparency on the dashboard has improved with 61 of Major Projects being reported as red or yellow as compared to 24 with the first scorecard weve also seen dramatic improvements in the agencies management of Software Licenses, going from two a to 23. To date, the agencies have also closed more than 630 data centers and saved just shy of 20 billion dollars through portfolios that initiative. The progress made in all of these areas would not have happened to this extent without your score card and oversight. While these accomplishments are indeed noteworthy, significant actions remain to be completed to bailed on this progress. This brings me to my new point my next point where we are at. One third of the agencies cio still are not reporting to the agency head cio of told us this reporting structure is critical in carrying out the responsibilities. It gives cios a seat at the management table and will help attract more qualified individuals to these positions overtime. In addition, about half of the agencies have not established working Capital Funds for use in transitioning from legacy i. T. Systems roughly 80 of the over 90 billion dollars spent annually on federal i. T. Is on operations and maintenance including aging legacy systems. Establishing these funds are so critical so that the savings from Software Licenses, data optimization and portfolios that can be reinvested in agency i. T. Modernization priorities. If each of these agencies did these two things, the grades will be for a, b and five c. These grades are achievable by the next score card we remain concerned by obese current guidance which revised the classification of data centers and Data Center Optimization metrics. For example, onbs new data Center Definition excludes more than 2000 facilities that agencies previously reported on many of these excluded facilities represent what onb itself has identified as possible Security Risks. The changes will likely slow down or even halt important progress agencies should be making to consolidate, optimize and secure their data centers. Finally, regarding where we need to go score card wise. The preview of the federal telecommunications transition will draw urgent attention to an area that has historically been neglected by the agencies. For example, at the prior telecoms transition occurred on time, agencies could have saved 330 Million Dollars as i testified before you earlier this year, the agencies are behind schedule and could again be missing out on hundreds of millions and savings. You score card will be an effective means for Holding Agencies accountable and ensuring a timely transition. Mister chairman, this concludes my comments and i look forward to your questions. Thank you miss harris. I look forward to those questions as well. Clare martorana, have i got that right clare . Close. Martorana pardon me. Youre recognized for five minutes. Chairman connolly, Ranking Member hice, members of the subcommittee, thank you for the opportunity of discussing the status of Information Technology at the office of Personnel Management and to provide thoughts on the future of four tara. I joined oh pm in february 2019 as the seventh cio in seven years. Answered in agency with several key challenges. Critical staffing vacancies, antiquated infrangible technology and a charge to fully transition the i. T. Systems for National Background Investigation Bureau to the department of defense, which we hope to complete this fall. There is a new federal cio coming from the private sector, this is admittedly a complex operating environment. Meeting in balancing numerous executive, legislative and oversight requirements while working in an uncertain and inflexible budgetary cycle is quite challenging. However, i would like to focus on what is possible because that is what opm employees and the American People deserve. One of the first authorities i learned about was fitara. As cio, it provides me with an operating framework and mandate to make enterprise i. T. Decisions and Strategic Investments that make best use of taxpayer dollars. I have received a steady stream of support from opm leadership and, im sorry, i received a steady stream of support from opm leadership to meet the provisions of fitara by stabbing an agency Wide Enterprise i. T. Strategy. We anticipate working with Program Offices and enabling organizations as we move forward in this direction. We are extremely proud of raising opm fitara score to a c . With only one minute new higher and no income increase in incremental funding, weve been able to make significant progress and show people within oh pm what is possible. Like rolling out new laptops across the organization and moving to cloud email. This has enabled us to continue meeting our mission while supporting the csa employees and contractors in a maximum teleworking environment during the pandemic. And just a few weeks ago, the dedicated cio Team Successfully migrated our mainframe platform from the Teddy Roosevelt building here in d. C. , to a commercial data center. Opm and dcsa systems are now fully operational in a new modern environment with continuity of operations in place. Once we transition the daily i. T. Operations of this Important National Security Mission to our colleagues at the department of defense this fall, opm will be able to focus on our mission and begin our digital modernization journey. I would like to now touch on a few enhancements to fitara that could drive digital modernization at opm and across government. The first is funding flexibility. Opm legacy funding model with several streams for cio, creates incredible complexity and in flexibility to address our i. T. Challenges. By standing up a working capital fund, with transfer authority dedicated to i. T. Enterprise investment and cio authority over this funding, we will create enterprise efficiencies and measurable cost avoidance also, modern technology because federal employees deserve the tools ive had the benefit of using in the private sector. Attracting, retaining, training and rescaling our workforce with a Customer First mindset utilizing agile development, modern tools and modern technology is essential. Our modernization strategy begins with upgrading our existing paper based processes and work flows with modern electronic equivalence. This will allow us to retire and life systems. All of these are possible if we work on modernizing opm together and giving opms customers the 21st century experience that they deserve. I look forward to working on this digital modernization journey together. Thank you for the invitation and i look forward to your questions. Thank you miss martorana. Mr. Jason gray, chief Information Officer of the department of education. You are recognized for 50 five minutes. Thank you chairman connolly, Ranking Member hice and members of the subcommittee for this opportunity to appear before you today to talk about the progress the department of education has made in implementing fitara. I would also like to thank you for your continued support and commitment to improving ikea management across the federal government. I appreciate the support i received from secretary devos and deputize the secretarys ace. It has been critical to the departments fitara implementation. I also want to thank my colleagues in federal student aid, the assistant secretaries and everyone in my office for their continued hard work, commitment and dedication. I would like to briefly share an update on our i. T. Moderna station efforts and describe the impact fitara has had on my ability to effectively manage departments i. T. In my june 2019 testimony before this committee, i shared that the department had just completed a massive wholesale modernization of our i. T. Infrastructure. This effort transformed the way my Office Delivers ip services to the department. Within a five month timeframe, we migrated over 450 terabytes of data into a secure cloud environment and replaced approximately 5000 laptops with new or high performing models. Our users went from experiencing 20 minutes of laptop boot up time to less than a minute. That translates into a return on investment of more than 1500 hours of previously lost productivity per day. The cloud environment enabled us to reduce the Departments Service storage cost from a dollar 43 per gigabyte to 12 cents per gigabyte. The Department Anticipates saving 1. 25 million due to this initiative. While the department will realize cost savings, the true point of the initiative was to respond to the departments need throughout the pandemic. Do in large part to modernization, weve been able to support 100 percent work Remote Workforce with minimal impact. When our issuance process was suspended due to staff not being able to come into the office, we were able to quickly evaluate and implement within days, not months, a solution to virtually on board 300 new employees and contractors to date. Why fully embracing the cloud, we were also able to complete a Massive Technology refreshed of 28 major systems, more than 700 service and more than 500 terabytes of data over a single weekend with no impacts to services. In a traditional environment, this would have taken us weeks to accomplish. Without fitara, we would not have been able to complete the modern massive modernization initiatives last year, and certainly not within the timeframe i described. It was through the relationship i have with secretary device and the relationships we had built across functional areas that i was able to drive the departments i. T. Priorities to achieve our i. T. Modernization goals. The initiative was a cornerstone of our fiveyear i. T. Modernization plan and strategic roadmap. Id like to thank you for providing us with the opportunity, pulling my testimony last year, to brief representatives of this committee on it. When we originally developed our modernization plan and strategic roadmap, we identified shuttle i. T. , redundant or duplicative systems and manual or obsolete processes. The institutionalization of fitara in the departments governance process as provided me with the mechanisms to continually isis and rationalize our i. T. Portfolio and adjust our plans accordingly. From strategically aligning our i. T. Resource management plants with the requirements of the foundations for evidence based policy act of 2018, to prioritizing investments to comply with the 21st century integrated digital expense act, for evaluating the value of shirt services for capabilities such as grants management to the Rapid Response actions it required to address emergency cybersecurity directives from dhs. I am able to achieve a level of visibility necessary to understand the impact to departments i. T. Resources. While we have made significant strides in our fitara maturation and i. T. Maturation initiatives. We continue to see congress is assistance with the establishment of a working capital fund. We coordinated to obtain appropriations language that will allow us to transfer funds to working capital fund and included a request in our president s budget request for both 2020 and 2021. I respectfully request your assistance with obtaining this transfer authority to further enhanced the departments ability to achieve the goals of the tara. And conclusion, the department has established a solid fitara framework and have clearly demonstrated our ability to leverage it in support of the departments mission. But we do recognize that fitara and i team attorneys asian is attorney and it is important to continually improve. I thank you for your time today and i look forward to your questions. Thank you, mister gray. Its good to have you. We will certainly try to work with you on the transfer authority. Our final participant in this panel is maria roat. Is that correct . Yes, sir. Shes the deputy management Information Officer. Thank you chairman connolly, Ranking Member hice, and members of the subcommittee. Thank you for giving me the opportunity to discuss fitara and how we can drive and sustain government wide i. T. Modernization. I joined omb eight weeks ago as the federal deputy chief Information Officer, bringing a career of federal and military experience and an Agency Perspective to my role. Throughout my career, ive seen firsthand the value of investing in modern Scalable Solutions and how taking prudent risks, collaborating, brainstorming and sharing ideas and concepts drives change. And i have experience as a cio and know how a Strong Partnership with, and a commitment from the business stakeholders, can improve how the government meets its mission and serves the american public. Covid19 put a spotlight on Digital Transformation and the need to adapt quickly. Every agency worked had never experienced levels of teleworking. There was a sense of urgency and ceos were entrepreneurial, creative, innovative and agile. Since the first fitara scorecard, Technology Investments in cloud and infrastructure enabled and overall seamless transition to teleworking. Simultaneously, were cios positioned to rapidly deploy and scale up platforms to respond to covid difficulties. Cios the point virtual desktops to replace the purchase of costly hardware for surge employees. The ceo counsel identified areas for future investments and improvements where we need to address gaps or move faster. We must keep the momentum. Agencies were able to move fast, innovate and implement changes for more digital interoperability. There is a shared interest across all levels of government. Congress,. The executive branch and the administration, to continue technology improvements. The Technology Modernization fund and i. T. Work in Capital Funds and their multi year funding approaches our two programs instrumental in improving, retiring or replacing legacy systems. We must do more to drive sustained long term transformation and ensure Digital First as we add value and service delivery. Throughout my career, ive had the honor to lead and work side by side with amazing innovators and technologists. Public servants working for the federal government. Today, over 2 million civilian personnel use technology to carry out their job. Just as importantly, we can consider any Technology Investment and also remember that the people charged with using those Solutions Must also be skilled in the use of technology. As the pace of capability and threat continues to accelerate, we must invest in our workforce to keep their skills relevant. The ceo counsel continues to invest in the i. T. Workforce and is building on last years success with the federal cyber refilling academy to launch this month, a Similar Program and data science. This summer, we are holding the third annual women in federal i. T. Event where women in leadership positions across the federal government share stories and provide on the spot mentorship and career advice to emerging leaders. We graduated to cohorts from the Robotic Process Automation rescaling course and, in september, we will graduate 20 people from the cio Career Development program. As we focus today on the tenth edition of the fitara scorecard, we must adapt to the average shaping technology landscape, and likewise, adapt the scorecard. I look forward to collaborating with you to further refined the scorecard to support sustained long term modernization and drive innovation. Thank you for the opportunity to speak with you today and i look forward to your questions. Thank you miss roat, i appreciate that. I find myself in agreement with everything you said. It is good to learn that the administration has decided to embrace teleworking and light of the pandemic, given the fact that the administration was actually cutting back until work the last two years. And with respect to retiring legacy systems and the need for the Technology Modernization fund, i also found myself in agreement. But we need the administration to make a robust request in the budget. If were going to make progress there. The chair now calls on the distinguished congresswoman from the District Of Columbia for her five minutes of question. Welcome, miss norton. Miss norton, are you there . Miss norton . Mr. Lynch, are you there . Im here, im here. You are, theyre great. Sorry about that. Just speak up a little bit. All right, im sorry. I punched the wrong button. There you go. Thank you very much. Mister chairman, i want to thank you for this annual hearing. Its very important to be brought up to date. Fitara says, and im quoting it now, that cios have a significant role in the decision processes of the oversight process is related to Information Technology. I wouldve thought that they have a major role to play in an agency overall. Understand that ip is now baked into policy design and implementation. This question is for miss harris. There are ceos that do not report to agency heads. Of course if they dont, they are unlikely to play that key role that we spoke about. Why dont all of them not report . I think it was perhaps in your testimony or the testimony of one of you, that one third do not report to the agency head. I would like to know why. I understand that there is a minus and a plus, that you can look to see if people are reporting, but i dont understand what determines or how agencies determine what this committee has long said would be helpful. Thats correct, maam. About one third of the agency cios do not have direct reporting mechanisms to the agency head. That is a problem because agency cios have reported to us that reporting structure is very critical to allowing them to carry out the responsibilities. Miss harris, would you explain to the committee what would be the resistance so we could work with agencies . Why would an agency not want everybody in the room. Honestly, i think in large part it has to do with Agency Culture and being able to change that culture so that they see i owe does have that seat at the table that is vitally critical. Its going to take work with the Senior Leaders within those agencies to empower those cios. Change those Organization Charts so those cios have a direct reporting capabilities and work with you all to ensure that happens. I would like to work with the chairman on making sure that there is no resistance. In the 21st century, you wouldve thought that having the cio at the table would just be a given. I really dont understand the resistance. I believe the committee could be helpful through legislation or regulation. That the cio the at the table. This is a question for miss roat. It has to do with the recruitment i. T. Staff. Are these staff valuable outside of the Public Sector miss martorana or miss roat . Is there great competition for the staff . I would like to discuss that and then i would like you to tell the committee what we could do to help attract and keep federal i. T. Workers. Miss roat . , yes maam. Thank you for your question. For the workforce, it is difficult to attract workforce to the federal government. In turn, folks that we do train in the federal workforce go to the private sector and make more money. What attracts people to the federal government is the ability to focus on a mission. Whether youre working for the department of energy or transportation or dhs or nasa. People are excited about the mission, that is what draws people to the federal government. As a cio, ive had experience with that where people want to come on board. Ive had some incredible talent. Other cios have had the same experience. To your question, it is hard to get people in. Once you get them in and the people want to come in, they want to stay. They loved what they do. When people leave the federal government, they might go back to private industry and get more experience. Maybe they make more money and then turn around and come back to the federal government. But again, we continue to explore flexibilities in a hiring, compensation and looking at ways to build skills. As i said in my opening comments, weve done a lot for the federal workforce so far through the cio council. On data science, on cybersecurity, and we are going to continue to build on those skill sets so that we can maintain that work for us. So its not only attracting new workers, but maintaining and educating our current workforce. His pay a salient issue here in keeping people and the federal workforce in i. C. E. . For people who are working in the i. T. World that are coming into the federal government, they can get compensated much more on the private sector. Yeah. We might have to look at that also, mister chairman. Thank you, congresswoman. Let me just say in response to your query about cio, i cant agree with you more. When we wrote fitara, there were 250 people spread out over 24 agencies with the title cio. I asked the private sector miss martorana, how many cios do you have . Almost 100 the answer is, one. We have a lot of work to do. We did not mandate there shall be one ceo, we allowed it to evolve that one cio was sort of premise, first among equals, we reported to the boss. If we need to strengthen that, we will. We will also be guided on that matter as well. Were making progress. Listening to the testimony today, you have relationships with the head of the agency and that makes all the difference in the world. The empowerment from the boss. Its something we are looking at and i think i thank the congresswoman for bringing attention to. The chat now recognize the distinguished Ranking Member, mr. Hice, for his five minutes. Thank you very much mister chairman. Miss roat, i would like to ask you this. One of the things ive discovered in becoming more familiar with this, it seems that one of the current metrics measures how much of an agencys portfolio is high risk. The issue that i have found is that there is no definition of what high risk is, at least not that ive been able to find. When i think of high risk, i think of things like vulnerability to cyberattacks. What i found out is that high risk means Something Else to others. It may mean whether or not a system is being delivered on time and on budget, if not, it is at high risk. My question is, is there any uniform and comparable kind of wait for agencies to define what we all mean by high risk . So that we are on the same page. Thank you for the question. As you look at the programs in the portfolios across the federal government, those programs that are high risk, gao looks at programs that are high priority. The high Priority Programs. There are different definitions including high value assets. When youre looking at those systems that are at high risk, are those the systems that are the oldest in the federal government that perhaps need to be modernized . Or are they high Priority Programs that are high visibility and have to be in our and are critical to the federal government . As were looking at the definitions, there are separate definitions whether it is high Priority Programs, i value assets that are critical to the federal government or those programs and those systems that are high risk in the federal government. There are different characterizations that are used indifferent reports. To me, thats part of the problem. Is there any kind of way of getting a uniform understanding of what we are talking about with high risk . You mentioned three or four Different Things that come under that category. But even just to prioritize the high risk category so that we know that if the high risk is any of the things that you mentioned, or cyber vulnerabilities or whatever, can we and should we focus this definition a little more tightly . Yes sir, we should take a look at that. We should make sure that were aligned on the definitions and on the same page as were looking at the definitions of programs across the federal government. I mentioned three with three definitions on that. Gao is using the high Priority Programs and some of the other ones. I agree with you. We should take a look at that and make sure were all in alignment. I agree, lets try to move forward on that. Another thing that has also come up when it comes to legacy i tea. The current scorecard does capture whether or not an agency has a working capital fund, but it does not deal with whether or not any of those funds are being used to modernize old systems. My question is, what kind of metrics can we add to the scorecard to incentivize agencies to make these kinds of i. T. Overhauls the need to be made . Weve got to make the transition. I agree with you. It is imperative that we continue to modernize. The i. T. Working capital fund is one of those programs that allows agencies to have that long term sustained investment in technology. Thats critical to modernizing. So the i. T. Working capital fund where you can have multi year dollars within those, thats the intent. Its to modernize those legacy systems and really drive that modernization over multiple years. Where you have legacy systems and programs, being able to invest that over multiple years is the way you get out of that techno technical debt and continue to move the ball forward. With the Technology Modernization fund and the i. T. Working Capital Funds, those are two critical programs for agencies to sustain long term modernization. Okay, thank you. My last question deals with the Customer Service aspect. More and more, were having people involved who are coming to government digitally. How can we put this type of metric in future scorecards to make sure that we are providing the customers with what they need . Thank you for that. With the idea act, i think theres an opportunity to really look at the Customer Experience. That was the intent of the 21st century idea act. Its the Customer Experience and how they interact with the federal government. Theres a number of requirements in there from each signatures to five oh a two enabling in easier Customer Experience with the federal government. I look forward to working with you and the committee on understanding what are some good metrics on that. That is a perfect example of a metric that could evolve over time as agencies are continuing to improve their websites and their Customer Experience with the american public. Thank you very much. I yield back. I thank the gentleman. Thats a good point miss roat. Before i call on mr. Lynch for his five minutes of questioning, miss harris, did you want to address the question mr. Hice asked about what falls under high risk on the scorecard . High risk is defined by each of the individual agencies. So it could be cost, a certain cost threshold. It could be a high value asset. There are a number of ways that agencies define what they consider to be high risk. I think i onb would play an excellent role in having a more uniform decision or maybe having a watch list of the ten to 20 top critical i. T. Investments across the government. It would be an Excellent Way to be able to focus and home down what those high risk investments are. We have work for this committee looking at the top ten to 20 Mission Critical ikea acquisitions across the government. Weve put together a list for you. That report will be coming out and september. We would be happy to work with oh and the. Using that list as a jumping off point to have another working list for the executive Branch Agencies to work from. I when we begin this category, there were agencies the claimed they had no highrisk programs. We needed to get out of that protective defensive mode candidly and say, these are high risk for these reasons. Were going to monitor them so that they do not go awry. If they do, we will take action. That was part of the problem. We had these long multi year and multibillion dollar System Integration projects and nobody felt a power to pull the plug if the milestones were not being met. In fact, there were not always milestones. We were trying to make sure that we didnt make a bad thing worse. In the private sector, if something goes awry, the ceos has pulled the plug. Were going to move on. Well try Something Different. A little harder to do in the Public Sector because Everyone Wants to know why did u. S. The money. But nothing is improved by doubling down on something that is not working. High risk really matters and getting it right really matters. We dont want to unwittingly change the definition so we go back to the old days of everything is fine. The point isnt too ding on people because it is bad, it is to capture something going arrived before it goes off the cliff. I thank you mr. Hice for raising it. I think some uniformity of understanding would probably be a good thing. Mr. Lynch, im sorry to impose on your time. Welcome. Thank you very much mister chairman. I want to follow up on that sentiment. You and i know as longtime members of this committee, that it has been a history of we dont have any problems over here until there is a blowup like we had at all pm when 22 million records went out of people who were applying for security clearance. And others that were in government as well. We saw the disasters. I approach this with a little bit of skepticism, healthy skepticism. Im happy to hear the good reports, dont get me wrong, but ive been here too long to believe all of that. I want to ask about, lets go to mr. Gray. I read recently a pretty good story in the Washington Post the talked about thousands and thousands of borrowers of Student Loans whose personal information like their Social Security numbers and their detailed Financial Information was left exposed by the department of education for like six months. These were people looking for some relief. Either they had been taken advantage of or exploited by for profit universities. Those types of cases. They basically had to open the commando of these applicants were looking for relief. And yet, we left all their Information Available to whoever would would tap into it. Thats one issue ive got. I would like to hear from mr. Gray on that. And now about opm, i noticed there grade is a c. Given their history, we all know what it is, thats just terrific. I opm had not even encrypted Social Security numbers. It was just an unmitigated disaster and we continue to suffer from that today because of all the people we exposed who had asked for security clearance. Those are the people that do some of the most sensitive work and our government. They were all exposed because of the lack of cybersecurity. Id like to hear from mr. Gray as well as someone who could speak on behalf of opm as to why they only have a c at this point. We will ask mr. Gray first and then call on miss martorana. Thank you for that question. I will share that article is interact incorrect. The department did not leave that open for many months. What really happened was that we had a situation where a file share was inadvertently left open to internal department only employees. There is no external access. We did report through omb memo 24. It is a low risk incident. As i brief this committee on friday, it is a situation like being in a bank. A bank has a fault. Every employee who can go into that vault is a trusted employee. Every person who works at the department is vetted. They have fingerprints. They have user agreements. They have annual cybersecurity and awareness training. This is a situation where an employee actually recognized that a safety deposit box in that fault was unlocked. It should not have been unlocked. Mr. Great, just hold on for a second. So did every Single Person have a need to know in each of those cases . Every employee is vetted to be able to access information. And no, not every employee needed to access that. As of this morning, the investigation. You need to tighten that up right . Absolutely. And we absolutely did. Thats what i would like to believe, but we can tighten it up. Right . Yes congressman, we can and we have. I only have a minute left. So let me go to miss martorana on opm please. You need to turn on. Thank you. Sorry, thank you for the question. We continue to work diligently at opm to upgrade our infrastructure. Upgrade our overall cyber posture. Uwe are struggling with our staffing. We are struggling to make sure that we have appropriate staff levels to support all of the systems that we are maintaining. One of the Biggest Challenges that we do have is we are still supporting our department of defenses colleagues as we are decoupling our systems. We are still on a daily basis, operating dcsa. The National Background investigation systems on all of their daily operations, as well as all of the laptops and their desktop support services, etc. So as we are able to hand that mission fully over to the department of defense and focus singularly on opm, that will give us the opportunity to be able to focus on opms core mission and a great all of the services that we delivered to our own mission. Okay, thats a fair answer. Thank you mister chairman for your indulgence, i really appreciate a courtesy. Thank you. Mr. Lynch, if i can follow up on that question. I understand youre sequencing with the department of defense, but when we go back to the original breach, and you werent there, part of the problem was that we had software were Cyber Protection einstein. Then, there was einstein to which had not been installed. That has nothing to do with the defensive department. Thats a management issue about getting around to it. Prioritizing. I wonder if you want to take a moment to try and reassure mr. Lynch and the rest of the subcommittee that that attitude has changed. Then in fact, we are prioritizing cyber in protecting databases at opm. Yeah. I can assure you that the rigor and discipline within the current opm team is extraordinary. We would not have been able to execute something as complex as our mainframe migration without having a disciplined Management Team and extraordinary cio team that is doing a diligent job on a daily basis. Can we do better . We can always do better. I. T. Is one of those areas where you can always improve. But the team is extraordinary. We work utilizing every single tool and asset available to us. Our cyber team and our sizzle are extraordinary. We do Everything Possible to safeguard every single asset within our environment. We utilize the best tools of the federal government including dhs in order to support us, the perimeter of opm. So, i think that you can rest assured that, at this time, all safeguards and standards are being operated at the highest level. Thank you and thank you mr. Lynch. The chair now recognizes. inaudible thank you. Thank you. The chair now recognizes our returning colleague, the gentleman from alabama, mr. Palmer, for five minutes. Mr. Palmer . . , yes, sir. We can. Is your video on mr. Palmer . It is. You got me . All right. First of all, i want to compliment mister hice on his library. Its impressive. I hear he rents it. He rents it laughs miss harris, there was a report submitted that found that the federal governments top seven ip providers sourced over 51 of its materials from china since 2012. I want to ask you if you think this poses a significant economic and National Security risk . Yes, sir. This is a significant risk to National Security. We have worked ongoing in this committee relating to the i. T. Cyber supply chain. The vast majority of the agencies have not instituted proper supply chain internal controls. This is a major issue. We will be making more than 100 recommendations associated with this. It does pose a significant threat to our nation. I bring this up, mr. Lynch raised the question about the breach at opm, but i think there are still issues with that. Now personal identification information that is still out there. What would be the budgetary impacts of shifting federal Technology Acquisitions away from china . Sir, im not in a position to answer that question. Weve not done work specific to that unfortunately. Im not in a position to answer that with specific facts. Miss roat, would you at omb have an idea about that . No, sir i. I do not. I think that is something that we need to get an estimate on. Theres a tremendous amount of talk about shifting the supply chain out of china, particularly when it comes to drugs and materials that are critical to our economy and to our national defense. The fact that we spend 80 of our budget on maintaining antiquated systems. Is that correct . Yes, that is correct. Then 51 of that is sourced from china, i think. I think this is something, im going to make this request to miss roat and to miss harris, that either of your agencies come up with the estimate or Work Together to come up with that estimate. If i need to, mister chairman, i will put that in writing. I think we need to know what it would cost us to shift our i. T. Supply chain away from china. I would appreciate it if we could get a response from you and let us know when you start working on it. The Commission Also recommended congress establish a comprehensive National Security supply Chain Management strategy. It for the recommended that direct statistical agencies such as the census bureau, to review methodology for collecting in publishing deeply detailed supply chain data to better document the country of origin for imported goods from china, including imports related to our federal i. T. System. This is for all of the witnesses. Or any of you aware of any current actions the federal government is taking to implement these recommendations . Miss harris, well start with you. Sir, that work is out of the scope of what ive been doing for this committee. I will have to take that for the record, to see if theres a better expert within gao to answer that for you. Okay. Mr. Gray . That would be outside of your expertise to. I will go to miss roat. Do you know where we are on that . Right now, were working very close agencies to take a look at their supply chain. Currently briefing them on the requirements of section eight nine. But again, working very closely with the agencies to understand their footprint and what the impacts are on that. So that work is under ongoing and will continue. Is it specific . Are there specific work being done on the i. T. Systems . Again, were working with the agencies to understand, as you alluded to, what the impact is and understanding if theres equipment that needs to replace or get upgraded. Those types of things. The impacts on those systems. That work, weve kicked it off and it is underway right now. I think the chairman. Let me just say to the gentleman, i think here is a really good point about the need for coordination so that we are not retiring with systems and 150 different systems that cant coordinate or cant be encrypted or have different requirements as much as we can inquiry nation bio im so this cio and the white house to make sure were making good decisions for the future, both in the cyber realm and in terms of opera billety and coordination. Very important. Thank you, mister palmer. Mister chairman, if i may respond to that. Yes you may. You are absolutely right about offer bolivia meng federally jim sees but it also should extend to the states. We are seeing in my previous experience on the oversight committee, we saw multiple examples of the inability because of the antiquated systems, to have that interoperability between state agencies and the federal agencies. I just want to add that and i yield back. You are quite correct and we are certainly seeing that in unemployment i. T. Systems all across the country. There are at least a dozen that still use coal ball. The only good news about that is i understand the chinese dont know how to hack into cobalt. That is about the only good news. You are absolutely right that we are seeing that effect millions of americans in terms of not getting their payments in the timely fashion, which creates a snowballing effect in their ability to cope during the pandemic. Chairman recognizes the gentleman from maryland, mr. Raskin, five minutes. Mr. Raskin. Yes, mister chairman. Welcome. Thank you very much, im sorry, i thought it was an muted already. No problem. Thank you for calling this very important hearing. In june of last year, the day before the hearing, omb issued guidance that revised in era the definition of a center, according to gao this guidance eliminated reporting on more than 2000 facilities government wide, including types of facilities that will be em and omb had previously cited as cyberSecurity Risks. Removing the requirement to report on these facilities diminishes our ability to exercise oversight over business Security Risks. We also noted in our Opening Statement that consolidation of case centers estate in taxpayer dollars so why would we discontinue efforts that save money and improve cybersecurity . Does gao remain concerned with omb decision to change the definition of data center and stood a longer require agencies to include smaller data centers in their data center inventories . Yes, sir. We still remain very concerned about the new definition of data centers. Our concern in particular is because when agency stop reporting on these data centers, theyll stop looking at them in general and then that is where the cybersecurity vulnerability risks increase because they are not looking and paying attention to the centers. Omb changes to the new guidance no longer allow the subcommittee and gao to evaluate Agency Progress towards Data Center Optimization and consolidation. Can you tell us why omb would stringent leaner the definition of the data center . When doing so could both impair cybersecurity and increased costs to the taxpayer . Thank you for the question omb up to the definition of data centrist to better align with Industry Standards. When you look at the overall definitions of data centers, those areas where there was maybe just around her and a switch and a closet somewhere, those really arent classified as True Data Centers because they have those types of things were changed as part of the definition. As you look at the modernization across the federal government and agencies closing data centers, they are taking big steps to rationalize their portfolio, upgrade their infrastructure and address the cybersecurity concerns just across the entire environment. As you shut down data centers, there are many steps behind it to do that. Even as we change the definition of data centers, modernizing and closing and shutting down data centers per the Industry Standard takes a lot of work and those application rationalizations and infrastructure upgrades will continue as we close the data centers. Will you commit to working with the subcommittee to track data centers in ways that are consistent with the law and gao recommendations to improve cybersecurity and maximize the saving of tax payers dollars . Yes, sir. We look forward to working with the committee on those data center measures. Okay. Agencies required to implement the data center, 4. 7 billion in cost savings from 2012 through 19. Of these 24 agencies, 23 reported in august of last year that they had met or plans to meet omb fiscal year 19 savings goal of 41. 5 Million Dollars. Do we now know whether agencies met their fiscal year cost savings goals . If not, when will we have that knowledge . I will work with omb on the data center in those metrics to make sure we have Accurate Information for that. We continue to track with the agencies are reporting to make sure that progress continues on the cost savings. Thank you. Is there any more potential for cost savings and potential . Yes, we believe there is. And so this should continue to stay priority for the committee on the scorecard as well as for the agencies. Why is the administration chosen to halt its efforts in this field . I unfortunately dont feel comfortable speculating as to why omb would make that decision. Again, backtracking on identifying and including things like servers in closets and considering that to be a data center is something that we disagree with dcsa omb on. That is something that should be counted because it may not be an opportunity for consolidation but it certainly still poses a threat from a cybersecurity standpoint. We do believe that having the more inclusive definition is the way to go. Can you describe the barriers to Cloud Adoption and removing those barriers . The barriers to cloud, the number one barrier is agencies having it as a priority. We have found in our work on clouded option that agencies dont necessarily have the robust process season place to take a look at all of the investments that they have in terms of whether or not they would be eligible candidates for the clout. We have made recommendations to the agencies in implementing those process ease and we currently have work to look at, whether those agencies are in the process of implementing the recommendations that weve meet them. I think a round of time, mister chairman, thank you very much for your indulgence. Thank you very much mister raskin. Your point about data consolidation is very important. I agree with you. Let me just say, i wrote that section of the bill. So i care about it. Im not going anywhere we are going to. Insist on a robust definition of data centers so that we continue the goal of consolidation to a, effectuate savings that can be used for reinvestment, because they are one of the big sources of potential savings and secondly, in the whole mission of Cyber Protection. We will work with you but we are not going to countenance squishing us in the definitions of the people get off the hook and arent accountable for what where the data centers we are trying to consolidate. I hope you will take that message back. The gentleman from wisconsin is recognized for five minutes. Can you see me . We can hear you, we cant yet see you. You might have to put up with just hearing me. There i am there your. Ive gotten a little bit late. Is mrs. Around . Yes, she is right. Here i understand you spent a lot of time in the private sector and improving the digital experience. Given omb importance to the workforce and public, could you describe your approach to digital modernization . Sure. There is an enormous opportunity for us at opm to better serve our customers and across a broad spectrum, from continuing to improve the opportunity for job seekers all the way through to retirees. There are numerous opportunities but the most important place to start is on a firm platform. Starting with the foundational investments that are required in people and technology to start that digital modernization journey. noise okay. noise inaudible what steps are you taking to comply with this model . Lawyer noise hello . Mr. Grothman. Could you repeat yourself . Okay, im sorry. Thats all right. Well speak up. This is for mrs. Martorana and jason gray, both of your agencies get seized in cybersecurity, which means youve got improvement. There is room for improvement. What steps are you taking to comply with this critical tool to affect Information Security across the government . I will start. We have taken a four phase approach focusing on our processes and making sure that we are refining our processes to not only comply with but it has a cybersecurity posture. We are looking and have been focusing on strengthening our policies as it relates we also have a lot of tools that we have and continue to use with defense and depth. A whole bunch of them, and equally as importantly, as was mentioned earlier, education. It is focusing on making sure that our staff understand that at the department as a whole understands the importance of cybersecurity. We have also developed and implemented a cyber risk scorecard that we produce, that has made realtime metrics, that shows it is in line directly with Cybersecurity Framework. That is visible to our system owners so they can see exactly how they are doing to the comment earlier, about making sure that we are measuring the risk and actually, when something is red, it is not necessarily a bad thing, it is an indication that that needs some work that gets briefed every single month to the secretary, the deputy secretary and monthly to all the assistant secretaries for all of theirs. It is really focused on a process improvement, policy improvement, leveraging the tools that we have and making sure that we are educating everyone at the department on the role of cybersecurity. I think i can mimic, basically, we are probably a little bit behind where the department of education is but following in those footsteps, the people, the process, adding new technology and tools and significance training. We are consistently training our workforce to make sure that the policies and brought a cease that we develop and the tools that we are implementing our understandable and the but the entire workforce is comprehending that every single one of us are the best tools that we have. In keeping with all of our Information Systems safe and secure. Mr. Grothman. I think that train left the station. Thank you, mister grothman. The chair will now recognize himself for his five minutes of questioning. Oh, your back. Glenn. Did you have one more question . Yes. Go ahead. Miss harris, you end all the agencies have gotten aids in this Software Licensing metric, do you think is trying to remove this metric . If so, how can we have all this metric to capture some of the cost saving aspects like eliminating and used Software Licensees . That is a great question, i think that given that all agencies at opm have received that, it may be time to retire that particular metric or evolve it, certainly when it comes to the evolution of the metric, one of the key things that we will have to work with with this committee on, as well as with omb is the availability of government wide data that is publicly available, because that is what is used in order to generate all of these scores or these crates. That would be a key factor in what we could used to potentially evolve the Software Licensing great. Thanks much. Great hearing, thanks for putting this together. Thank you, mister grothman. Miss harris, despite all the progress in the scorecard, we really dont seem to have made progress in retiring legacy systems. Why not . What will it take to seriously incentivize agencies to do that . Mister chairman, i think that what we need to see greater crop progress on is the working capital fund establishment. That is a very important mechanism that the agencies can use to transform their i. T. And to modernize it. We would like to see a more aggressive push by the agencies that have not yet implemented those working Capital Funds to do so as quickly as possible. They are able to put those savings that they generate from Software Licensing, from portfolios and data consolidation into that fund, so that they can use those monies to be able to, and the flexibilities associated with a working capital fund to be able to modernize their platforms. Mr. Gray, you will forgive me, but i think you soft pedal to the breach. Yes, the breach may not have been huge, but this committee had a hearing on your agency or including your agency, several years ago. What came out was surprisingly, although maybe not surprisingly, was that the department of education actually has a huge database. 40 million americans, you applied for student loan, youve got my Financial Data. My checking account, my savings account, all kinds of other Financial Data that is pretty sensitive. That is a pretty big database and a juicy target for some people up to no good. The fact that we had this breach raises the question about how secure is thats bigger database . Given the fact that you get a see minus in cyber, one of your lower grades, it underscores vulnerability, maybe i need to be concerned. I want to give you an opportunity to talk about the. I appreciate the question. The incidents that happened in 2017 is obviously very different than what happened here with what was briefed on friday. Its that we literally had a file share one out of over 7 million folders, one where a user inadvertently allowed other people within the department permissions. If you have a situation where people have the ability to go through and say hey, im going to allow people to have access to this, that sort of thing will happen. In this situation, the employee who actually identified that did not report it to the, department they deported it externally to the department. To compare this to the tsa, this would be like a tsa individual at an airport seeing a suspicious package and instead of reporting it, seeing something, saying something, they took it externally. Which then went to the media. To get your question, i agree that this was identified when we were reported, when it was notified to me, we took care of it right away. Weve also gone through and scrubbed and rescrubbed, weve hired a third party to come in and recheck all of what weve done, just to make sure, as of this morning, they have come to the same exact precluded as it relates specifically to this incident. This is a low risk incident where an internal, as i mentioned, about the bank, and the safety deposit box, it was four trusted employees. In this case, we had a trusted employee who saw something and instead of doing what they were supposed to do, they took it external. To get your question about cybersecurity, absolutely, i take cybersecurity seriously. Ive been at the department for over four years. This is my fifth agency that i have been at. Cybersecurity is certainly one of the core focus areas that ive had. As i mentioned, we have gone through what process process is we can improve, is their policies that we can implement, are there additional tools . We have Network Access control, data loss prevention, we are taking a lot of necessary steps to ensure that we are protecting and defending the information that we are interested to. You have legacy systems. At the department of education. Yes, one. One. How old is that system . I would have to get you an exact number but its probably been around longer than i have. Wow. I have two conclusions from that, one is that you are younger than i thought or the other is gosh, that really puts an exclamation point on it. From your point of view, and youve had experience in other agencies, lets stipulate that we need to working Capital Funds. Other than that, what is it going to take . My experience in the private sector is that Management Management is to put a priority on something is going to happen. There has to be a multi year commitment if that is what it takes. Youve got to back it up with a budget commitment every year. From your point of view, what is it going to take to retire that legacy system . To continue on the path of that we are on, there is a nextgen financial student age system that is well underway. That acquisition and that entire group of projects incorporates removing that legacy system and getting rid of it. It is actually on the road map on where we are going. General mark brown, who leads the federal student eight, has been doing an amazing job working very closely. Both of our teams are working closely together from an oversight standpoint to make sure that we are fed into our governance process. At this point, we have the support, funding is always something we can always use. But we have the absolute support from the secretary, from leadership and governance to address that legacy system, because we do recognize it is old and needs to be improved. It is an enormous opportunity cost, not only for you but for the rest of the federal government. If were spending 80 of 96 billion dollar, its not a line but thats roughly our budget for i. T. A year, and 80 of it is going just a mange taint legacy systems, no wonder we got some of the problems weve got. Miss martorana, you are relatively no new too opm . Where did you come from . May i ask . The United States digital service, i spent two years of the department of Veterans Affairs, prior to joining. Okay. And you have private sector experience before the . Yes. Opm got i think a see, see minus overall great. Given the fact that you are the hr agency for the entire federal government and as mr. Lynch mentioned, really Sensitive Data, on federal employees, on people seeking security clearances, a breach there, what could go wrong with that . Sadly, we had the biggest single breach in the history of the federal government with your agency several years ago. There is a sense, not about you personally, but that the agency remains surprisingly less then driven by a mission to make sure that never happens again. And we are the exemplar for the federal government as opposed to a lake garden. I want to give you the opportunity to address that. Ive heard you like your team and they are committed. You feel pretty good about where you are headed but a sea minus is not a great overall grade for giving your mission and maybe put more positively, as we look to the future, what will it take to get to an a from your point of view . We are a c plus, its like her action. Whats that . C plus, rather, excuse me. With the main frame platform migration that we just completed and the coming data Center Closures that that will trigger, we had a failing grade and software inventory, but through the covid supplemental, we are able to procure software that will allow us to actually do a software inventory. We will be able to check that off of our list as well, which should get us to approximately a bee for a score. Within the next six months. We are making pretty significant progress. Security is our primary focus. Every single day, we keep those systems safe, secure and operational. But one of the Biggest Challenges that we have is funding and personnel. To the question earlier about risk, one of the biggest risks i think, that we are facing, in addition to those systems, the legacy systems, is also, we have many, many people in our workforce that are retiring. And with those folks retiring, and a lot of these systems documentation not systems being old and not being very properly documented, a lot of the knowledge of those very old, complex legacy systems is retiring with those subject matter experts. So i think we have multiple levels of challenges that we have to face together. Law so, funding, multiyear funding so that we can actually retire those legacy systems and put it more modern technology, that will reduce risk. Continuing to upscale and train our federal workforce, and inspire younger and different people to come into the federal workforce. This is a critical part of what is going to be needed for us to continue to secure and maintain and operate those systems. In the future. I would agree with you but i would say not about you freezing wages, threatening to cut back on compensation, disparaging the work of the federal workforce, making it harder for people in the workplace to have appeals and representation and talking about extending a probationary period from one to two years, none of that is particularly appealing to young people in the College Campus to come work for the federal government. And it is almost designed, in fact, to also accelerate the fact the phenomenon of retirement when 40 of the federal workforce is eligible for retirement. Some of them can delay it because they are so driven with their mission and so passionate about what theyre doing, or, they can accelerated because they feel so discouraged in unappreciated and none of this was helped by a 35day long shut down, the longest in american history. You come from the private sector, i come from the private sector. I dont know a ceo who would get very far with his or her board disparaging the workforce, slashing compensation and talking about discrediting, shall i say, their value and their work. No ceo i know would keep the job. And you praise rick force, you motivate your workforce, you incentivize your workforce. Am i still on your screens . Okay. Anyway, i want to thank you for the observation. Thank you for the work you have done. We will stay in touch. Congratulations on progress. And we certainly, miss roads, need omb to keep the pressure on and to be supportive. We have got to come up with some Creative Solutions to help agencies, in addition to money, retirees legacy systems. They want to, they are motivated but it is a big, big decision. And a multi year commitment, in most cases. And quite disruptive, actually, in making that transition. We have got to have some Creative Solutions as we see the vulnerabilities in our systems, they have to be addressed. Thank you to the first panelists so much for being here today. Please stay safe and healthy. Were going to take a five minute break and then convene the second and final panel of this hearing. Thank you. Chair connolly the subcommittee noise . Subcommittee will reconvene. Mr. Town or, miss counsel and mr. Speiers, are you with us . Theyre telling you to give them a second. Mr. Powder . Can you a new technology with us . Yes, im here, mister chairman. If you could switch stay and muted if i could swear you in. Miss counsel are you with us . Yes, chairman. Thank you. And mr. Spires . Yes, chairman. Thank you. If all three of you would raise your right hand, do you swear to tell the truth, the whole truth and nothing but the truth . Or reform the same, so help you god . I do. I do. I do. Let the record show that all three witnesses in the second panel have affirmed in the positive. Thank you. And mr. Counter, if youre ready, im going to call you for your five minute Opening Statement. Welcome back to our subcommittee. Thank you, its good to be back. Mr. Palmer. Yes, sir. Im sorry, i didnt see you. Go ahead. I do not have an Opening Statement but i failed to do something in the Previous Panel that is inaudible enter documents into the record. Certainly. On the supply chains will nobilitys. Yes, and mr. Palmer, if you didnt hear me i said i would be glad to work with the one that whole question about supply chain. I think it is a very good point you made. I had hit the raise my hand buttoned thing and im getting used to all this webinar stuff. I had a followup question but i will ask one of the panelists here. With no Opening Statement i will yield back so that we can move forward with the questions for the panel. Thank you, mister palmer. I didnt calling for an Opening Statement because this is the second panel of that hearing. If you had something you want to add, you are more than welcome. I thought you were asking me if i had an Opening Statement . I do not. But i will have questions. Yes, of course. We welcome them. Thank you. Mr. Towner you are recognized for five minutes. Thank you for the opportunity to testify on the scorecard. For the past few years i work for non for Profit Corporation that operates in the public interest, we are Public Project Partnership with federally funded r b centers and we work across government in partnerships with states safety stability and wellbeing of our nation. Prior joining i was a g. I. A. Of white works, a Witness Committee crafting and helping with the creation of the scorecard and assistance with oversight. I would like to start by thanking you, chairman connolly, for your leadership not only in creating but also youre unprecedented followthrough with more than five years of consistent oversight, which has inclusive included ten scorecards. The federal i. T. Community has benefited greatly from working with you and your five partisan partners is on the way. Representatives isis, herman, kelly, meadows, and now Ranking Member i would like to address three areas. One that results in progress that have occurred since the far passed, to wear the reasons and three potential areas to consider the future scorecard. The progress that has resulted from the scorecard in your oversight are significant, billions of taxpayers dollars have been consolidating data centers are reducing licenses. The scorecard is also helped elevate the ceo rule. More cio have a seat at the executive tables than agencies these enhanced relationships will be critical as cio lead their industries to more modernization and Digital Transformation. Why was this successful . Simply put, it was a team effort in the legislative and executive branches. Lets look into the specifics of this oversight. Mister chairman, your approach focused on critical step shuns of the law, established clear metrics with specific targets, was measurable and data driven, and the oversight was with the system. Every six months, over a fiveyear period. This is extremely important since it took at least two years for four scorecards to see significant progress in any of the great adarius. Also, omb political role. They issued guidance and required self assessments federal agency cio have provided leadership and delivered results. This progress is evident with the high grades scorecards. Where should this go from here . Some of the areas graded have reached a level of maturity where perhaps grading is no longer a necessity. This is not to say that they are not important, just that other areas that benefit from the transparency, measurement and oversight to the scorecard provided. For example, mister chairman, as you know if you years a few weeks ago and modernization and your march hearing that covered the contract, of prime candidates inaudible my written statement provides five recommendations, these recommendations are very consistent with the rules in the president management agenda. Heres a brief rundown of the five. Number one, enhanced the cyber barrier by considering metrics that agencies in the industry used to measure cybersecurity. This should include areas like patch and vulnerability management, miss Cybersecurity Framework and supply chain mismanagement. Number two, adam modernization category that provides transparency to our nations most important icy acquisitions and incorporates Customer Experience measurements as well as legacy retirements. Number three, at an infrastructure category that highlights progress on ei as, so that we have in place more modern and secure networks. Number four, at an i. T. Workforce category that provides a comprehensive view of agencies gaps and critical cyber engineering areas and tracks progress to the appropriate skilled workforce. Number five, have an i. T. Budgeting category that continues to focus on working capital forms. Also incorporates tv am so that i tee costs are better captured. We need to shed a light on the discipline agencies using i. T. Budgeting so that it reflects an actual needs for modernization. This category could drive better conversations both internally, the cfos and externally with onb in the congress. Mister chairman, these recommendations are about having better security agencies, tackling true mission enhancement, having a modern infrastructure, the steel workforce to do it and the right resources. An enhanced score card, will it help in these critical areas . Absolutely. Future legislation will advance omb policies also. Mister chairman and Ranking Members, we look forward to assisting you on these important i think you, mister powner. I thank you for being one of the key architects of establishing the scorecard and i think it has evolved in a way that we hoped it would. Which is to incentivize agencies to evolve and to modernize and to understand the critic calorie that mission. I thank you for your leadership in allowing us to be where we are five years later. Lover and council chief executive officer of emerald one. Welcome. Union members of the committee, thank you for the opportunity to appear before you today to share my experience as assistant secretary for Communications Technologies and the department of Veterans Affairs. Ive served from 2015 to 2017. I am pleased to join you and provide you with my recommendations to support the continued effectiveness of the tara. Prior to joining Veterans Affairs i spent time as a Global Leader in operation technologies in operations technologies. I have let organizations as large as take and technical is the Veterans Affairs, i had complete fiduciary responsibility and accountability, world class prostheses in technology. However, during the preparation for my role in the va, i frequently heard about how difficult it was to execute i tee project with the federal government. The causes were numerous. One or twoyear appropriations, complicated program budgeting, hiring delays, data center proliferation, cultural nuances, Even Technology procurements decisions being made outside of the i. T. Organization. What i did witness each of the obstacles mentioned within a short period of time, we were able to make progress at the va. How are we able to do it . We had one critical strategic tool i could rely on. It was and regardless of whatever obstacles i might have encountered i had a lot i could leverage. I want to thank the committee for giving us that law and therefore the authority to act accordingly. Let me share figure with you. 74 of all mainframe i team attorneys a shun products fail. That is a staggering figure and it is industry what. The primary reason is that it requires complexity and eight, Many Organizations obtain or develop new technology to enable a new process or solve a problem well before they understand how the solution will be supported or how the process will work. In most cases, you are trying to make something new work on something old. Integrating new technologies on top old infrastructure is always a risky proposition. The old infrastructure generally has not been well maintained, therefore, unforeseen risk often occurs and leads to subsequent failures. Just like the stuff in your attic or basement no one wants to get rid of any way, and no one will update anything, the same thing happens in 90. In addition to the infrastructure age, the organizations culture and how it drives the use of technology and the styles within the agency has a major impact on project success. At emerald one, we address the issue of complexity not just by focusing on people, process and technology, but also engaging the leadership, being culturally aware, building trust, obtaining a full value of the solution and doing it in the shortest possible time, so you can take advantage of the new technology. We call this the elements of brilliance. With this in mind, i respectfully submit to the subcommittee several recommendations that i believe would strengthen terra. The first recommendation is to make the scorecard an agency wide metric, therefore providing agency ceos with the the less aggressive leadership teen. The second is to add a metric that measures the agencies average Technology Life cycle. This could be utilized in a risk that could be modernized in that environment. The community should also consider a method to assess cultural readiness. The culture must be prepared to adopt new technology not just endure it. Organizational leaders that are focused on user adoption by measuring and, before tackling any new technologies. And finally, we must make sure the agencys fiscal reality supports the technological mandate to impose. Many of our agencies continue to receive Technology Budgets that allow them with little more than maintaining this outdated system. Angie tea, supported by the gm f were, both part of the steps forward by creating meaningful connections between the mandates, the committee concrete the leverage many see the cio need to modernize. As the chairman shared, in his july 20th Opening Statement, we can no longer allow outdated and Legacy Technology starting the delivery of vital public services. Chairman connolly and members of the committee, thank you again for your time an opportunity to share my experience and perspectives of patera, i look forward to continued successful implementation. Im happy to take your questions at this time. Miss council, thank you so much, really very helpful observations from your own experience. Very practical and we look forward to working with you as we proceed. Thank you so much. Mr. Speiers, welcome back. laughs mr. Speiers. Yes, mr. Connolly. Good afternoon to you. Welcome back. Members of the subcommittee. I am honored to testify today in regards to patera and the scorecard that congress has been issuing over the past five years. Having served as a see cio as the department of Homeland Security as well as the irs and having served as the federal chair of the council i have the opportunity to understand the management dynamics and inherent to i. T. I was pleased when patera was enacted, i believe it has been the oversight of congress that has been the driving factor in getting fellow agencies to improve the righty management. In particular, the spirit of bipartisanship that has made a significant positive difference, starting with the drafting of patera and it continues today with leadership of the subcommittee. Even with the progress, much work remains to reach the state of icy management best practice. The hearing held by the subcommittee just two weeks ago showcased that we need to continue to focus on icy modernization. Even if we had unlimited funds to invest 90, many agencies would still struggle as they do not have the management maturity and skills to effectively deliver largescale modernization. In 2015, we placed the whole federal government on its high risk list for improving the management of i. T. Acquisitions in operations. In gaos latest report, the recommendation was that 12 agencies replace legacy systems. Only three of the even planning to modernize the legacy systems. Given the success of the scorecard, it should contain it should continue as a tool to measure Agency Progress. I recommend changes to the scorecard, to sharpen the focus on icy management and modernization. All of which are provided in my written testimony. Some highly, my recommendations include one, at a 19 planning category. Meaningful lighting modernization starts with good planning and support but agency leadership. Hence this category should reflect the maturity and focus on i. T. Modernization within the agencies planning function and. Enterprise architecture. To, combined the incremental delivery and transparency and Risk Management categories into a broader delivery of itp programs category. Agency i. T. Modernization occurs through the successful delivery of icy programs and as such the should be a category that measures the ability of agencies and being able to manage this progress. Number three, of all the managing Government Technology category, budget category. This category should keep the element of an agency with working capital, in addition, agencies should much better understand the cost element of the agencys i. T. Budget. The federal government is a doctor the technology and technology to support this effort. Agency should be measured on their adoption of tv am, along with the use of benchmarking of their i. T. Services. They can compare themselves to other similar size agencies and private sector corporations. Of all the cybersecurity category, agencies should be conducting meaningful enterprise cyberSecurity Risk management to ensure that they are focusing on protecting their most Sensitive Data and critical systems. This test of ellipses your Risk Management framework in Cybersecurity Framework for ccf, its uses mandated by federal agencies. As for cybersecurity categories just started measuring whether an agency is top executing or the seven process steps within the see us if. At a Customer Satisfaction category, i. T. Organizations or customers. A core measure for all agencies supports organizations should be Customer Satisfaction. It would be best practice to administer a standard Customer Satisfaction survey for all agencies, so that this category can be added to the scorecard. To determine the specific measures for category, and Additional Data would be required for agencies to collect so that the category could be graded. I recommend congress convene an Advisory Group and they develop recommendations to evolve the scorecard. This Advisory Group should be vetted by gao but also include representatives from the federals counsel, the office of the federal ceo and from the private sector such. An adviser groups inaudible should make recommendations to congress within three to six months. Given the scorecard works, lets commit ourselves as the federal i. T. Community to evolve the score cards and the support of five agencies from a rapidly adapting i. T. Management best practices and move aggressively to modernize Agency Process the systems. Thank you for the opportunity to testify today. Thank you so much, mister spires. Think you, all three of you for a very thoughtful testimony. I assure you that we will be glad to work with you on the cognizance of some of the changes you have proposed in the metrics and in the scorecard itself. The chair now calls on mr. Palmer for his five minutes of questioning. The mr. Palmer . Hes having a band with issue. Im informed mr. Palmer is having a pant with issues in alabama, maybe. Let me ask all three of you a series of questions. How important is it that the c i owe have the ear of the agency head . That is one of the categories we have actually added to the scorecard in terms of the reporting sequence because from our point of view, it is about empowerment. If you are going to make decisions and make them stick, the rank and file need to see that that ceo is empowered by the agency and the boss. In your experiences, how important is that from your point of view . Lets start with mr. Spires. I have a situation of reporting to the agency head and the large bureau in the irs when me when i was cio. Not the case at the asias, ive seen both situations in government and i think it makes a significant difference. The secretary for management and dhs, that individual that i served under had no idea background. There was a lot of lost translation and frankly, i dont feel, not that i wasnt able to develop a relationship with the secretary of dhs, but it was not nearly as strong a relationship as i was able to develop the irs commissioner. I would say that in my view, i was able to be more effective, significantly more effective because i had a Good Relationship with the head of agency. Miss council. Yes, i agree with mr. Spires. I actually during my time at va it, wasnt the norm, but i had a direct reporting relation with the secretary, who is robert mcdonald. Part of the reason for that was that we had a short period of time in a lot of things to get done. He understood, i understood in large part, enterprises, id come from johnson johnson, he had been from barton and gamble. We had to seek very quickly. It also is a way for the ceo to have the kind of supports enterprise wide, that they need, when the agency head is aligned with them. It doesnt mean that you dont include others in the conversation, it just means that everyone knows this mandate is a mandate. I totally agree with that alignment. Thank you. Mr. Palmer . I think it is very important in the discussions that were having about Mission Modernization and legacy where we have and ceos have relationships with the business elites and also a strong relationship with the cfo so that there is budgetary supports to tackle these big, complex legacy modernizations. Having the support at the top so that they can be a Business Partner with the business units, and also having that strong relationship with the cfo, is critical at tackling these big challenges that our government faces. Mister powner, well ive got you, maybe you heard the Previous Panel, our conversation about data centers. The attempt by omb to dilute the definition of data centers, which could have the unintended effect of losing savings and even compromising security. Will you comment on that . You remember how important the premium we put on the consolidation when we began this process with the scorecard. Yes, no doubt, a couple comments. I knew, when that memo came out that there was going to be rough between policy and where you are going on with data center consolidation, i think that we have had Great Success with data consolidation. 4. 7 million in savings. Do i think those opportunities will do more . Sure. And populates Capital Funds. I think what really needs to occur, is i think there needs to be some type of agreement between omb and what they are doing and what Congress Wants to do. So that you get more on the same page. Right now, we are different ends of the spectrum, here. I do think theres probably some coming together where you could tackle some data centers. Theres a lot that is already done but there is still some opportunities. Thats why i think the infrastructure category on the scorecard, we could still include data centers but you could also look at modern Networks Like the vehicle, its a great way to think more broadly about the infrastructure, and how would tackle that. You will remember, perhaps that the very first hearing we had on this subject was when john michael was chairman of this subcommittee and different kind of configuration. We had a field hearing at Georgetown University in my district. That forced people to look at how they were complying with his brandnew bill, fitara on data consolidation. What happened was, weve got much better at identifying thousands of data centers we didnt know we had. We made zero progress on consolidation. Out of that hearing grew the idea of a scorecard. We actually could create metrics and force action. I hope we dont go back to that. It is distressing to learn that this action alone would take 2000 existing centers and basically take them off line. That is not the language of the statute or the intent of the statute. Its worth watching. My time is up. Mister heiss, i recognize you for five minutes. Thank you, mister chairman. Real quickly, to each of you. I dont want to long answer, i want to get your basic fill here, i would like to hear from each of you as to how you think fitara, scorecard, has been successful in driving change within agencies. From your perspective. Has this thing been working, real quickly, why, or why not . Ill start. Its definitely working. As mentioned in my testimony, the point is that we have always had good people, good ceos, people who want to do the right things but the environment and many agencies the culture as the vergne was talking about makes that difficult at times. You shining a light on aspects of i. T. And i. T. Management as congressional oversight, i think is really critical. It does ive got other questions. I want to hear from the others. Yes, or no . Yes. I think it is working, i think it is working very well and i also believe that people manage was measured and because its managed and because its measured and because its clearly transparent, it get q. C. Will focus on the right things. I agree with miss counsel and that what gets measured gets done and i think what is really important to look at is your prince distance and consistency. And most of these, it took four scorecards in two years to see could significant change. Youve got to stick with it in order to drive change in some of the cultural issues miss council mentioned earlier, takes time. I dont remember which one of you is most equipped to get on this but several of you a couple of you brought this up with the ceos. What is the biggest challenge that the sea iowa is facing in the attempts to try to deliver large scale i. T. Modernization . What is the wall they are running into . I can take that one. Large implementations are just that high risk and they are costly. They include people. And when you put all of those together, you end up in a situation where you cant control all of the aspects and it requires a really focused effort of all hands on deck. One of the biggest issues you run into, especially with one or two your money, even with the working capital fund, its that you may have multiple sets of these systems in the same environment. I can only speak to va, but you are talking about one of the most complex environments in the world, not just in the u. S. Government. And so when you go after trying to effectively change one of these, youve got to realize you are impacting an entire enterprise. None of these things are in isolation. Gh,none of these things easily e changed without engaging the entire whole. They are tough, but, can they get done . Yes, they can get done. They require a lot of focus, they require everyones intense and i think that is one of the reasons we think that the alignment needs to be the top of the house, so that everyone understands they have to have a stake in its success. Okay, mister spires, are you there . Yes. Im sorry my time is running out you mentioned a recommendations if you will, regarding next steps for the scorecard. And specifically brought up try to phase in the metrics and obtain the highend. Can you walk me through what you have in mind in those comments . Sure. I believe we need to try to get federal alignments in we mentioned this earlier an answer to the question about how Congress Working effectively, there is a it wont ever be perfect we can get a really good set of metrics, we gotta forgot how we measure them thats important, and get the data, and we get better alignment, this is a bipartisan issue, i think we can work to do that. I think we can make significantly more progress and driving i. T. Modernization. Because too often, we are not going after we are doing things that help, dont get me wrong, but some of the really big modernization efforts that do require that whole of agency effort, agencies are just scared to go after. We need to change that dynamic. Its really important to our country that that gets done. Thank you, i hope youre right. I agree, the metrics have been great, the question, the score cards, but moving it forward to get more to the bottom line of what we need to get to, i think we can get there as well. Thank you for your answers and i appreciate, mister chairman, i yield back. I think the Ranking Member and our hope i think, eventually, is to move to a scorecard that is a digital hygiene kind of a scorecard. But, it is important to know what mr. Powner noted. The only reason we have made the progress weve made is because we have stubbornly insisted on the metrics contained in the scorecard for five years. And its took five years to get everyone finally better than 80. And no fc. Five years. We want to be cautious about sliding back or assuming progress where it frankly has not yet been completely achieved. So, i want to think all of our panel for being here, there are so many other areas we could expand upon. Mister chairman. Mr. Palmer, are you still with us . Yes. I swept myself off. Sorry. Welcome back. You are recognized for five minutes, mr. Palmer. Thank you mister chairman, some additions to the scorecard, this has to do with security. The federal acquisition regulations are really right in such a way that the chief its best. I go back to something that we talked about in a panel. We are dealing with antiquated legacy systems and about 51 of what we are buying is source from china. I am wondering if it makes sense to add to the scorecard and to encourage agencies to avoid buying it, as much as possible, avoid buying from china. Mr. Spires, since you raise the issue of adding to the scorecard. Its a security area and im a huge believer in looking at enterprise risk and there is no doubt today that cybersecurity supply chain risk is a very significant risk that we need to address. I am not in a position to say, that we should exclude it. We shouldnt buy anything from china that is related to i. T. , but i think it is something that agencies need to take seriously as they look at their enterprise risks strategy. I know that is certainly something v hhs is looking at, for all of government right now. Im not saying that they can source everything outside of china, but we ought to encourage them as much as they can because i think there is a gap, particularly when it comes to security. Especially around this multi tiered supply chain and it is really mentioned nowhere or addressed no are in these acts so let me ask it this way. Does it make sense to amend fitara to assess the Global Supply chain Security Risk ties to the federal i. T. Acquisitions . Maybe that is where we started and we put that in to the scorecard. Does that make sense . It is a key risk for enterprise cybersecurity for an agency and it should be addressed as such. Whether or not that needs to be in the legislation are just part of the scorecard, i think that is why you should have an Advisory Group with some experts that are really study this particular field. What could be best for the federal agencies and how to handle this particular enterprise risk. Okay. Im not totally familiar with all the agencies but i know there are a number of areas that are considered highrisk, i dont know in the gao assessment if that includes high risk or Security Breaches in the context of where they sourced their materials. Mr. Powner, i dont have you know . This question about congress is chemical times and i think one of the key things we probably need to do whether a supply chain or highrisk is in regard to other aspects of highrisk and where there is risky acquisitions that are out there and it sounds like its probably some clarification that we need to look at in terms of their policy if but they currently have in place so that we are all on the same sheet here because there seems to be a lot of confusion. I would recommend that omb take a good hard look at this risk and what their policies say what they say about that. We will follow up on that and i think i have been on oversight since day one and i took a leave for most of this congress. But i have done a lot of work with the gao and the thing that i want to commend the chairman for and the right key member on is we are continuing to Work Together in a bipartisan way to improve the quality and the Previous Panel, chairman connolly mentioned that some of these agents are still operating on cobalt. When i was in college, i was a cobalt consultant. My concern is that there are not many people left who would know how to correct something if something went wrong with that. Theres a lot of vulnerabilities that exist and what i think we were trying to do here in a bipartisan way is not only enhance our security but also include the quality of the work product by what i think we need to be doing is replacing antiquated systems and not only doing it at the federal level but at the state level to, so that we get that opera biloxi that we desperately need. With that mister chairman, i thank you for recognizing me and being back on the committee. I yield back. Thank you, mister palmer, thank you so much, for a thoughtful. Let me ask one last question if i may, of all of the panelists given your experience. One of the things that concerns many of us, especially those of us who are also in the private sector in 90, is that there is this gap, knowledge gap experience gap, between the federal government and lets say the private sector, especially doers the provide services to the federal government in the sector. That gap is almost growing, to try to reverse that, we have got to be able to attract Technology Specialists and experts who can help with the government manage its i. T. , procure its i. T. , and even writing the terms of reference for complex i. T. Contract. I would love to hear as the final part of this hearing, your observations briefly about that problem, if you agree it is a problem, and what you think we ought to do about it. Miss counsel, why dont you start . Thank you for the question. This is actually a question that impacts the governmental aspects as well as private industry. We dont have enough technologists anywhere. We dont have enough data scientists anywhere. We dont have enough architects anywhere. The need for technology, the need for people that really understand Information Technology and how to make it scale has constantly been a, i can tell you now, tenfold. As you see the now normal that we go through, since covid, technology is everywhere and is everything. It allows us to be where we need to be and when we cant be there physically, it allows our ideas to be there. So getting people to come work in the federal government is really hard, i talk about that often when i was in the role, i wouldnt know how to get into the federal government. Its not a straight line. Its not sending a resume. You Start Talking to someone as you would in a commercial. It also requires that you understand how to navigate. Some of the best and brightest in our universities today are interested in working on technology, want to work on the newest things possible. They want to work on the hardest things possible, so the more we can give them that kind of environment, the faster we can get up on technology, the faster we can get technology the more excited young people will be as well as some old people, dont count us all out. We know how to program, some of us do. We would be more than willing to come in and help the federal government, no doubt about it. Thank you. Mr. Spires . You yes, thank you, grandson by ms. Counsel. I will build on that a little by saying that i really feel like, i came in intimate career at the government at irs first and i will tell you that the sense of mission is really probable. I think we can do a much better job of enticing younger people if we would market ourselves better as federal agencies. I recognize it sometimes you dont have the latest technology that you can offered all of them, but i will tell you, the opportunities that younger people can have that are talented, that really wants to build a career, i think we are missing a big opportunity to be able to entice people and i think if we marketed this more effectively, we could attract people. You are going to lose a lot of them, there is no doubt. Maybe you have a program where you try to keep them four for five years. And some will stay, a lot will go back into the private sector and that is okay, but we need to do Something Different and i dont think we will be able to buy our way out of this with increased salaries but i do think we have a wildcard here that we need to play. That is that sense of mission in the opportunities we can offer younger people. Thank you. Mr. Powner, final word. I agree on the sense of mission. Many times, icy departments in the federal government have this compliance focus and that compliance focused isnt going to attract anyone. If you look at where ms. Council was at, who doesnt want to help the vets in our country or who doesnt want to help secure the homeland where mr. Spires worked . Those are the types of missions that we really need to get out front and talk about the challenges that we face as a government and attract young hard chargers that are out there. It is not going to be easy because of the salary differences, but i do think, and we have seen it, when you do have this mission focus, like why do some folks who are season come back into the government . This council did. Mr. Speiers came back because they were sold on the mission and they actually want to deliver on the missions. Its no different with the younger folks were trying to attract, we really want to sell the mission hard because a lot of things in government are really important and i think there would be a fair amount of people who would get behind that. So a little inspiration wouldnt kill us. Absolutely. Absolutely. Thank you. With that and an objection all members will have five legislative days within which to submit papers to the chair which will be forwarded to the witnesses with the response, i ask all of our witnesses to respond as promptly as you are able, and i want to thank all three view for a very thoughtful contribution to this conversation and the scorecard on qatar, and with that this hearing is adjourned. Cspan has unfiltered coverage of congress, the white house, the supreme court, and Public Policy events. You can watch all of cspans Public Affairs programming on television, online, or listen on our free radio app and be part of the National Conversation through suspense daily Washington Journal Program or through our social media feeds. Cspan, created through americas Television Cable companies
comparemela.com © 2020. All Rights Reserved.