[House Hearing, 106 Congress]
[From the U.S. Government Publishing Office]
ESTABLISHING A FEDERAL CIO: INFORMATION TECHNOLOGY MANAGEMENT AND
ASSURANCE WITHIN THE FEDERAL GOVERNMENT
=======================================================================
HEARING
before the
SUBCOMMITTEE ON GOVERNMENT MANAGEMENT,
INFORMATION, AND TECHNOLOGY
of the
COMMITTEE ON
GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED SIXTH CONGRESS
SECOND SESSION
__________
SEPTEMBER 12, 2000
__________
Serial No. 106-261
__________
Printed for the use of the Committee on Government Reform
Available via the World Wide Web: http://www.gpo.gov/congress/house
http://www.house.gov/reform
U.S. GOVERNMENT PRINTING OFFICE
74-562 WASHINGTON : 2001
_______________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Printing
Office
Internet: bookstore.gpo.gov Phone: (202) 512-1800 Fax: (202) 512-2250
Mail: Stop SSOP, Washington, DC 20402-0001
COMMITTEE ON GOVERNMENT REFORM
DAN BURTON, Indiana, Chairman
BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California
CONSTANCE A. MORELLA, Maryland TOM LANTOS, California
CHRISTOPHER SHAYS, Connecticut ROBERT E. WISE, Jr., West Virginia
ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York
JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York
STEPHEN HORN, California PAUL E. KANJORSKI, Pennsylvania
JOHN L. MICA, Florida PATSY T. MINK, Hawaii
THOMAS M. DAVIS, Virginia CAROLYN B. MALONEY, New York
DAVID M. McINTOSH, Indiana ELEANOR HOLMES NORTON, Washington,
MARK E. SOUDER, Indiana DC
JOE SCARBOROUGH, Florida CHAKA FATTAH, Pennsylvania
STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland
MARSHALL ``MARK'' SANFORD, South DENNIS J. KUCINICH, Ohio
Carolina ROD R. BLAGOJEVICH, Illinois
BOB BARR, Georgia DANNY K. DAVIS, Illinois
DAN MILLER, Florida JOHN F. TIERNEY, Massachusetts
ASA HUTCHINSON, Arkansas JIM TURNER, Texas
LEE TERRY, Nebraska THOMAS H. ALLEN, Maine
JUDY BIGGERT, Illinois HAROLD E. FORD, Jr., Tennessee
GREG WALDEN, Oregon JANICE D. SCHAKOWSKY, Illinois
DOUG OSE, California ------
PAUL RYAN, Wisconsin BERNARD SANDERS, Vermont
HELEN CHENOWETH-HAGE, Idaho (Independent)
DAVID VITTER, Louisiana
Kevin Binger, Staff Director
Daniel R. Moll, Deputy Staff Director
James C. Wilson, Chief Counsel
Robert A. Briggs, Clerk
Phil Schiliro, Minority Staff Director
------
Subcommittee on Government Management, Information, and Technology
STEPHEN HORN, California, Chairman
JUDY BIGGERT, Illinois JIM TURNER, Texas
THOMAS M. DAVIS, Virginia PAUL E. KANJORSKI, Pennsylvania
GREG WALDEN, Oregon MAJOR R. OWENS, New York
DOUG OSE, California PATSY T. MINK, Hawaii
PAUL RYAN, Wisconsin CAROLYN B. MALONEY, New York
Ex Officio
DAN BURTON, Indiana HENRY A. WAXMAN, California
J. Russell George, Staff Director and Chief Counsel
Ben Ritt, Professional Staff Member
Bryan Sisk, Clerk
Trey Henderson, Minority Counsel
C O N T E N T S
----------
Page
Hearing held on September 12, 2000............................... 1
Statement of:
Atkinson, Robert D., director, technology & new economy
project, Progressive Policy Institute...................... 180
Doll, Otto, Commissioner, Bureau of Information & Technology,
State of South Dakota, president, National Association of
State Information Resources Executives..................... 129
Flyzik, Jim, Deputy Assistant Secretary, Information Systems,
Chief Information Officer, U.S. Department of the Treasury,
vice chairman, Chief Information Officers Council.......... 114
Ink, Dwight, president emeritus, Institute of Public
Administration, former Assistant Director for Executive
Management, Office of Management and Budget (1969-1973).... 212
Katzen, Sally, Deputy Director for Management, Office of
Management and Budget...................................... 6
McClure, David, Associate Director, Governmentwide and
Defense Information Systems, U.S. General Accounting Office 17
Rummell, Paul E., president and chief executive officer, RLG
Netperformance Inc., former chief information officer for
the Government of Canada................................... 173
Scherlis, William L., principal research scientist, School of
Computer Science, Carnegie Mellon University............... 210
Letters, statements, etc., submitted for the record by:
Atkinson, Robert D., director, technology & new economy
project, Progressive Policy Institute, report entitled,
``Digital Government, the Next Step to Reengineering the
Federal Government,''...................................... 183
Doll, Otto, Commissioner, Bureau of Information & Technology,
State of South Dakota, president, National Association of
State Information Resources Executives, prepared statement
of......................................................... 132
Flyzik, Jim, Deputy Assistant Secretary, Information Systems,
Chief Information Officer, U.S. Department of the Treasury,
vice chairman, Chief Information Officers Council, prepared
statement of............................................... 118
Ink, Dwight, president emeritus, Institute of Public
Administration, former Assistant Director for Executive
Management, Office of Management and Budget (1969-1973),
prepared statement of...................................... 215
Katzen, Sally, Deputy Director for Management, Office of
Management and Budget, prepared statement of............... 10
McClure, David, Associate Director, Governmentwide and
Defense Information Systems, U.S. General Accounting
Office, prepared statement of.............................. 19
Rummell, Paul E., president and chief executive officer, RLG
Netperformance Inc., former chief information officer for
the Government of Canada, prepared statement of............ 175
ESTABLISHING A FEDERAL CIO: INFORMATION TECHNOLOGY MANAGEMENT AND
ASSURANCE WITHIN THE FEDERAL GOVERNMENT
----------
TUESDAY, SEPTEMBER 12, 2000
House of Representatives,
Subcommittee on Government Management, Information,
and Technology,
Committee on Government Reform,
Washington, DC.
The subcommittee met, pursuant to notice, at 10 a.m., in
room 2154, Rayburn House Office Building, Hon. Stephen Horn
(chairman of the subcommittee) presiding.
Present: Representatives Horn, Davis, and Turner.
Staff present: J. Russell George, staff director/chief
counsel; Randall Kaplan, counsel; Ben Ritt, professional staff
member (GAO); Bonnie Heald, director of communications; Bryan
Sisk, clerk; Elizabeth Seong, staff assistant; George Fraser,
intern; Trey Henderson, minority counsel; and Jean Gosa,
minority assistant clerk.
Mr. Horn. A quorum being present, this hearing of the
Subcommittee on Government Management, Information, and
Technology will come to order.
While we're having you all stand why don't we take the oath
of office, as you know, for your testimony.
[Witnesses sworn.]
Mr. Horn. The clerk will note that all of the witnesses
have affirmed the oath.
I'll now make an opening statement, followed by the ranking
member, the gentleman from Texas, Mr. Turner; and then we'll go
down the line.
I might say to you what we said to the witnesses yesterday,
you put wonderful statements in before us. We and the staff
have had a chance to read it; and we're very grateful to you
for--especially some of the ones that are out of town here. I
think with the CIOs at the States that was very useful
information. But we'd like you to summarize it in 5 minutes.
Because what we want is a dialog here between the Members and
between you. That way we get the best information out of it. So
try to think about what are your key points after we start the
opening statement.
Yesterday, this subcommittee examined the government's
efforts to protect its computers and the sensitive information
they contain. We heard testimony from the General Accounting
Office that widespread deficiencies in computer security exists
at a large number of Federal departments and agencies. Some of
the problems include poor implementation of policy and
procedures and the lack of a coordinated security program among
the departments and agencies.
Within recent memory two government agencies, the Federal
Aviation Administration and the Internal Revenue Service,
wasted more than $7 billion on huge new computer systems that
were ultimately scrapped because they could not deliver the
services that it promised. Taxpayers cannot afford to have
those management mistakes and the flagrant losses repeated.
We will examine two bills today that would establish a
Federal Chief Information Officer and centralize management of
the government's vast information resources: H.R. 4670,
introduced by the subcommittee's ranking minority member,
Representative Jim Turner of Texas; and H.R. 5024, introduced
by subcommittee member Representative Tom Davis from Virginia.
I look forward to learning more about both proposals, and
I'd like to welcome our witnesses today and look forward to
their testimony.
I now yield time for an opening statement from the
gentleman from Texas, Mr. Turner.
Mr. Turner. Thank you, Mr. Chairman. I want to thank you
for allowing us to have this hearing on this issue that I think
is of utmost importance.
The information technology revolution of the last decade
has had, as we all know, a profound impact on almost all
aspects of our society. While the private sector has been quick
to capitalize on the new opportunities created by the digital
revolution, it is widely acknowledged that the Federal
Government is behind the curve. The fact is, information
technology offers as much to our government as it does to the
private business. Among other advantages, it will allow us to
literally put government at the fingertips of our citizens. A
working e-government will mean that citizens can finally go
online quickly and easily, instead of spending hours standing
in long lines or waiting on hold to get the answers they need
from government.
E-government can make government more customer friendly
and, if we do it right, more cost-effective, saving millions of
dollars for our taxpayers.
The information technology revolution also presents the
Federal Government with one of the greatest management
challenges we have ever seen. There is no doubt, however, that
here in Washington we can misspend large amounts of money in
incorrectly addressing the challenge. Just yesterday this
subcommittee held a hearing on computer security, and numerous
witnesses stressed the need to have cross-agency initiatives
put in place rather than rely on each separate agency to
duplicate the investment in finding solutions.
With the enactment of the Clinger-Cohen Act in 1996, all
individual Federal agencies have a CIO, but the Federal
Government as a whole does not. As the individuals responsible
for providing information technology advice and policy
recommendations, developing and facilitating information
systems as well as evaluating and assessing those systems, the
Federal Chief Information Officers play an essential role in
fostering a digital government. The role of the agency CIOs has
been very positive. However, because of a lack of central
authority and funding, there is little agency coordination when
it comes to establishing crosscutting digital government
applications.
We hear a lot today about the digital divide. In the
Federal Government there is a different kind of digital divide
where each separate agency pursues the application of
information technology without the benefit of significant
government wide leadership.
In an effort to close the Federal Government's digital
divide I've introduced H.R. 4670, which would create a
framework for a Federal Chief Information Officer located in
the Executive Office of the President. The position would
report directly to the President and direct the process of
developing an aggressive digital government conversion plan. He
or she would have a small staff and a budget independent of
individual agencies to help drive the next generation of
digital government, much of it involving cross-agency
applications.
The Federal CIO would also take the lead in shaping the
administration's policy regarding the Internet and computer
security. The Federal CIO would select the best ideas for e-
government, develop pilot programs and test them in selected
agencies and establish priorities for the application of
information technology to improve government. The Federal CIO
would be the lead coordinator to forge stronger digital
partnerships with State and local governments.
I commend the chairman for having this hearing; and I
commend my colleague, Tom Davis of Virginia, who has introduced
his own bill on this topic.
I realize that there are issues surrounding where the
Federal CIO will be located and what specific statutory
authority he or she may be given. This discussion requires
careful consideration of the current statutory responsibility
of the Office of Management and Budget and an analysis of the
current role of the OMB's Deputy Director for Management, who's
here today. We appreciate the good work and input that Ms.
Katzen has given us and OMB's Office of Information and
Regulatory Affairs.
OMB's budget and oversight role over all executive
functions clearly includes information technology, and it is
not my intent to fail to acknowledge the fine work the office
has done. Rather, with this legislation I seek to enhance the
capability for leadership and the effective and timely
application of information technology to government.
There are several points that I believe are essential to
the success of a Federal CIO. These include a high-profile
leadership role to elevate the visibility and focus of
information technology and who reports directly to the
President.
Second, the establishment of a good working relationship
with OMB and the Federal agency CIOs.
And, third, direct access to funds to ensure the capability
to carry out meaningful initiatives.
This hearing affords the first opportunity in this Congress
to consider the concept of a Federal CIO. Both Presidential
candidates have publicly expressed their support for a new
position with a defined focus on e-government. This is clearly
an idea whose time has come. It is my hope that this hearing
will move us forward on this idea, solidify our resolve to
maximize the potential of information technology in government
and more clearly define the structure that this position should
take to maximize its effectiveness.
In government, we have a clear need to meet the challenge
of the digital age. It is not just a matter of resolving
conflict; it is a question of whether or not we will take
advantage of the phenomenal growth of information technology,
whether we will make dot-gov as commonplace as dot-com.
Again, I commend the chairman for the opportunity to have
this hearing, and I look forward to hearing from each of our
witnesses.
Mr. Horn. I thank the gentleman and now yield opening time
for the gentleman from Virginia, Mr. Davis, who has another
proposal in this area; and I'd like him to expand on that now.
Mr. Davis. Thank you. Mr. Chairman, I want to, first, thank
you for your responsiveness in holding this hearing today to
examine the merits of establishing a Chief Information Officer
for the Federal Government based on proposals introduced by
both myself and my colleague Mr. Turner.
I also want to express my deep appreciation to our ranking
member for his foresight in focusing on an issue which I
believe is critical to improving the ability of government to
be an efficient user, coordinator, manager, disseminator and
protector of information resources, particularly with respect
to information technology.
I'll spend my few minutes highlighting the dominant themes
which shaped my proposal, the Federal Information Policy Act,
to create a Federal CIO who is vested with the primary
authority to coordinate information resources management within
and amongst all Federal agencies, including the implementation
of effective, mandatory controls over government information
security through a new Director of Information Security and
Technical Protection.
A decade ago, technology stood as one of many factors
important to the mission and performance objectives of the
Federal Government. But no longer is technology one of many.
Instead, the Information Revolution and the ever-evolving
technologies that support its collection, assimilation and
communication have become integral to the functioning of our
government. The past 5 years alone are testimony to a
remarkably fast-paced change in the ability of Americans to
communicate and access information through the personal
computer and the Internet.
It's the responsibility of the Federal Government to adapt
its institutional processes of the old age to the new economy
and become a national model for information resources
management and information security practices through the
acquisition and use of information technology.
The current processes appear to lack a focused,
coordinating body to implement effective IRM policies and
develop a common strategy for interagency efficiency and
cooperation. Although the Office of Management and Budget has
responsibility for information resources management
governmentwide, I'm deeply concerned that OMB, through the
Office of Information Regulatory Affairs, is simply unable to
devote the attention needed for carrying out effective
information resources management as directed under current law.
For instance, in July 1998, the General Accounting Office
[GAO], examined two of the IRM-related responsibilities
assigned to OMB in the Paperwork Reduction Act and delegated to
OIRA but found that OIRA had not satisfied either of them.
Those responsibilities were developing a governmentwide IRM
plan and periodically reviewing a selected agency's IRM
activities. And last year the GAO found that improvements in
broad IT management reforms will be difficult to achieve
without effective agency leadership, highly qualified and
experienced CIOs and effective OMB leadership and oversight.
If we can't get the management of our information resources
in order, how are we ever going to be able to implement the
electronic government initiatives supported by this
subcommittee and the Congress, as well as by the
administration, that will allow American citizens to
communicate more easily with their government?
A critical component of protecting information resources is
the governmentwide coordination and implementation of proven
information security practices. Currently, responsibility for
overseeing computer security procedures and reviews is handled
by a number of agencies including OMB, the National Institute
of Standards and Technology, the General Services
Administration, and the National Security Agency.
Notwithstanding the number of agencies involved in various
aspects of information security, there is an abundance of
evidence highlighting the vulnerabilities of Federal computer
systems in both internal and external intrusions.
First and foremost is the portrait that emerged as a result
of the subcommittee's hearing yesterday in computer security in
which the Federal Government received an overall grade of D
minus. As well, at a March 29th hearing, GAO cited earlier
findings that 22 of the largest Federal agencies were providing
inadequate protection for critical Federal operations and
assets from computer-based attacks. GAO reported that within
the past year it was able to identify systemic weaknesses in
the information security practices of the Department of
Defense, the National Aeronautics and Space Administration,
Department of State, and the Department of Veterans Affairs. In
each instance sensitive data and/or mission-critical systems
were penetrated by unauthorized users.
In early August, the Washington Post reported that the
State Department had to warn its employees about downloading
large MP3 sound files on their workstations and the, ``adverse
effect on the networks as these files enter the e-mail
system.'' Part of the best information security practices is
endowing your employees with the necessary awareness of methods
for security intrusions, such as downloading unknown files and
introducing them into a computer network.
Two days later, in discussing the persistent threat of
computer hackers to the Department of Defense, the Washington
Post reported that it is highly--it was highly probable that at
least some of the 22,000 attacks last year were mounted by
foreigners probing U.S. security gaps. These facts alone prompt
serious concerns about the integrity of the most basic access
controls for Federal information systems.
Mr. Turner and I have established a strong basis for
working together with the members of the subcommittee, the
administration, and the private sector to secure the ability of
our Federal Government to better manage its information
resources and fully utilize information technology to better
serve American citizens. Our legislation is similar in that
each bill gives the CIO top-level authority and direct access
to the President and also codifies the CIO Council.
While Mr. Turner's bill envisions the Federal CIO as acting
as an advisor, resource and visionary for information
technology management, my legislation goes several steps beyond
and further encompasses all the information resources
management functions that rely on IT and which are critical to
building a government that can serve its citizens in a
digitally driven world.
The Federal Government is fast falling behind the curve,
and I strongly believe that establishing an empowered CIO is
essential to achieving that goal.
I want to welcome our panel of witnesses today and look
forward to hearing their perspectives and suggestions for
succeeding in making the Federal Government a leader and
innovator in the management, promotion and protection of
government information systems. Thank you.
Mr. Horn. We thank you.
We now move toward our witnesses.
The first witness will be the Honorable Sally Katzen, the
Deputy Director for Management, Office of Management and
Budget. We'll give the administration 2 extra minutes as a
matter of reciprocity and curtesy. So we're glad to see you
here.
STATEMENT OF SALLY KATZEN, DEPUTY DIRECTOR FOR MANAGEMENT,
OFFICE OF MANAGEMENT AND BUDGET
Ms. Katzen. I'm glad to be here. I'm delighted to be here.
I have waited a long time for the opportunity to return to
testify before you and, as in the past, you've picked a great
issue to focus on.
As Mr. Turner noted, there is no doubt that IT plays a
fundamental role in our endeavor to create a government that's
more accessible and more responsive to the public. Nor is there
any doubt about the other types of advantages that IT can
bring. It can also bring significant challenges such as
security and privacy and accessibility.
So today the questions of how to manage and fund Federal
information technology enterprise are among the most critical
facing Federal managers. And unlike the Y2K problem, which is
the background for suggestions, from some people at least,
about a Federal CIO, dimensions of information policy and
technology oversight responsibilities are ever-expanding and
involve every aspect of the government's operations--or at
least they should involve every aspect of the government's
operations.
Now in my written testimony I devote many pages to the
administration's record of managing the IT effort, and I won't
repeat that here. I do want to make three observations.
One, while we do not have someone with the title Federal
CIO, many if not all of the responsibilities identified have
been carried out through OMB, through the Office of the DDM,
through the Office of the Administrator of the Office of
Information and Regulatory Affairs; and I think we've done a
very good job.
Over the last 7\1/2\ years, we--with support from the
President and the Vice President, we have focused on what have
been the most important issues at the time. The early part of
the decade we were focusing on systems, and the FAA and the IRS
that the chairman cited have been turned around as we focus on
customer off-the-shelf types of things, modular development,
``Raines rules'' that we have been using.
We then turned our attention, as this subcommittee well
knows, to Y2K. And despite initial concerns that we would never
meet the date change and some very bad grades on report cards,
we were highly successful in that effort with your help and
with the help of others.
And, finally, we have turned in the last year to focus on
some of the other issues, the paramount one being e-government
but also computer security. Capital planning, data sharing are
subjects which we will probably come up with.
The second point is while I think we have been very
successful we have done a lousy job of communicating how much
progress we've made. People are often surprised when they make
a suggestion and learn we're already doing it. I listen to some
of the things that have been cited as we need to do and I think
to myself, we are doing it. We're just not being very effective
in telling people about it. Whether it's management tools like
sharing savings, whether it's spacial types of data, the
FirstGov, the digital signatures, and indeed the CIO Council,
which you'll hear more from Mr. Flyzik, every agency is not
reinventing the wheel. We have an effective forum for sharing
best practices and carrying forward. We are not doing a very
good job of telling people about it.
And the third point that I'd like to make is that our
success is due not only to leadership from the top, and I'm
referring here to the President and Vice President, and from
leadership from the Congress, and your committee has been
outstanding in that regard, but also because of the hard work
of the many people at the agencies and their leaders who
understand how IT fits into their mission and programs to
provide a better and more effective government. This was a
salient fact of Clinger-Cohen which gave the agency head
responsibility for investment decisions of IT because they know
how IT fits with their missions.
Now, with respect to the subject of this hearing, everybody
agrees on the importance of promoting and managing Federal IT;
and everyone agrees that there should be a higher level of
visibility and a more enhanced effort. There are different
views about how to get the job done.
As the chairman mentioned, one that has some currency now
is to enact legislation that would create a new Federal CIO. As
my testimony indicates, I think the real questions go to what
the leaders of the Federal IT enterprise should do and how they
should do it.
I thought Mr. Turner asked all the right questions. I hope
we'll have a chance later to start explaining what it is that
we are doing in that area.
But because IT is integral to every operation of
government, we think IT leadership must be part and parcel of
the government's budget and program decisionmaking process. In
other words, the strategic management of Federal IT resources
should not be separated from other management and budget
concerns. It must be integrated. It is imperative, we believe,
that officials with accountability for IT have direct influence
over the spending and execution of IT investments.
Severing the tie between responsibility for oversight of IT
and budgeting for IT would undermine both and retard the
progress that both the Congress and the executive branch
recognize as essential. Indeed, separating the Office of
Management and Budget from the management and budgeting for
Federal IT is like taking the oranges out of orange juice.
What's left is drinkable, but it's neither tasty nor
nutritious. OMB's strength is its governmentwide authority,
combined with expertise in individual agency mission budgets
and programs. We set policy governmentwide and oversee
implementation on a case-by-case basis. This is our strength.
We are urged to play our strength.
I cannot emphasize enough how important this function is at
OMB. The OMB Director devotes significant time to IT management
issues, and his leadership has energized our efforts. OMB also
deals with critical information policy issues such as access
dissemination in FOIA as well as computer security and privacy.
The DDM manages these efforts both within OMB and across the
government.
The DDM has strong support from the OIRA administrator. As
a former Administrator of OIRA, I can tell you how important
and significant a component that is. Now we recognize there
could well be enhanced efforts for OMB to promote and lead
agency IT efforts. We have started this effort, and we welcome
a dialog with this committee and with others here at the table
as to what we should be doing to improve our efforts.
Mr. Chairman, as I noted in my testimony at the end, I
offer these views based on 6 years experience of managing
information technology in the Federal Government but also in
recognition that we're only 2 months before an election and 5
months before a transition to a new President. As Mr. Turner
mentioned, both major candidates have made Federal IT an
important program in their agendas and both share your goal and
ours of continually looking at ways to improve Federal IT
management.
The two bills you've asked me to comment on both speak to
what is essentially a management issue: How to organize
oversight of the government's most important function. And I
suggest that legislation now would only tie the new President's
hands. We ought to give the new administration an opportunity
to consider the approaches in these two bills and other
approaches to IT and management and give us their
recommendations before any action is taken.
Again, I join those who recognize and applaud this
committee's interest in how government manages and uses IT. We
think that hearings such as this are extraordinarily helpful to
keep us all focused on how best to achieve those goals. We have
full confidence that this partnership will ensure that the next
administration can build on our progress to deliver the
American people the quality of
government they expect.
Thank you very much, Mr. Chairman.
Mr. Horn. We thank you for your diligence and are glad to
see you back doing all this.
[The prepared statement of Ms. Katzen follows:]
[GRAPHIC] [TIFF OMITTED] T4562.001
[GRAPHIC] [TIFF OMITTED] T4562.002
[GRAPHIC] [TIFF OMITTED] T4562.003
[GRAPHIC] [TIFF OMITTED] T4562.004
[GRAPHIC] [TIFF OMITTED] T4562.005
[GRAPHIC] [TIFF OMITTED] T4562.006
[GRAPHIC] [TIFF OMITTED] T4562.007
Mr. Horn. David McClure is the Associate Director,
Governmentwide and Defense Information Systems for the U.S.
General Accounting Office, part of the legislative branch. Mr.
McClure.
STATEMENT OF DAVID McCLURE, ASSOCIATE DIRECTOR, GOVERNMENTWIDE
AND DEFENSE INFORMATION SYSTEMS, U.S. GENERAL ACCOUNTING OFFICE
Mr. McClure. Good morning Mr. Chairman. Mr. Turner, Mr.
Davis, pleasure to be here.
I really want to cover three crucial points concerning this
topic of the Federal CIO this morning and expand on them
briefly.
First, I think sustained and focused central leadership for
information technology management is essential for the Federal
Government. It should enhance and not constrain similar IT
leadership and accountability in the Federal agencies.
Second, the form and the structure of the CIO position
should follow closely to the functions that you expect the
office to perform.
And, third, the two legislative proposals before the
Congress offer two distinctively different approaches for
elevating the visibility and focus of Federal information
management and technology. Each proposal has its benefits, but
each also will face implementation challenges.
Let me expand on each of these points briefly.
First is the need for established and focused central
leadership. Increasingly, Federal information management and
technology challenges are multidimensional, and they're
horizontal in nature. They cut across traditional program and
agency lines.
As noted in the report that we're issuing today to you, Mr.
Chairman, on management lessons learned from Y2K, a Federal CIO
could be instrumental in focusing on actions that go beyond
those traditional boundaries. This necessitates governmentwide
oversight, interagency collaboration and funding, and
cooperation with State governments, local governments, and the
private sector.
Today's critical IT issues, including IT management issues,
security, critical infrastructure protection, electronic
government, and IT human capital really all require tightly
focused, constant governmentwide leadership and direction. It's
for that reason we support the creation of a Federal CIO today,
just as we did during the deliberations of the Clinger-Cohen
Act in 1995.
Agency leaders and agency CIOs should be held accountable
for their IT missions within their own agencies. But a Federal
CIO can bring a lot to the table. He or she could identify and
set the agenda for governmentwide policy issues needing
attention; he or she could focus on established priorities in
ensuring that related efforts are complementary rather than
duplicative of each other; and the national CIO could direct
the attention and resources to consolidating interagency
governmentwide process through shared information technology
assets.
My second point relates to the critical need for the
Federal CIO position to be structured for success. We've done
research on successful CIOs in both the public and the private
sector. The trend for these positions is--especially in the
government--is for the CIOs to have governmentwide
responsibilities. In creating this position there are two
critical success factors that are paramount: First, top level
political support and attention to IT management; and, second,
clear roles, responsibilities, accountabilities and sufficient
stature to maximize CIO impact and success.
My third point involves the distinctively different models
for a Federal CIO presented by these two legislative proposals.
Let me point out, however, that they do have similarities. For
example, they both make the Federal CIO a Presidential
appointee who reports directly to the President with cabinet
level status. The high visibility afforded to this position
should not be underestimated. It is a clear critical success
factor for all CIOs in any organizations. Both bills also leave
intact OMB's role and responsibility to review and ultimately
approve agencies' budgets for inclusion in the President's
submission.
Additionally, both bills establish the CIO Council and
statute and we believe there are tremendous benefits in doing
so.
The chief differences between these two bills lie mainly
with the scope, the role, the responsibilities of the CIO. Mr.
Davis' bill vests the Federal CIO with policy guidance and
oversight responsibilities that currently reside with OMB. This
would create a single central focus for information, management
and technology. And the multitude of the duties associated with
the DDM position in OMB and the regulatory burden and paperwork
reduction performed by OIRA really limit the ability of OMB to
provide full-time focus and attention to the government's
pressing IT problems.
So to sum up, let me reiterate a point that is made in Ms.
Katzen's written statement. There is clearly no consensus if
the Federal community on the need for a Federal CIO. I think
that can be attributable to the uncertainty about the details
regarding how the position would be created, its role, its
authority, its responsibility. Still we believe there's a clear
need for focused central leadership to increase the
government's ability to use information resources at its
disposal effectively, securely and with the best service to the
American people.
Thank you, Mr. Chairman.
[The prepared statement of Mr. McClure follows:]
[GRAPHIC] [TIFF OMITTED] T4562.008
[GRAPHIC] [TIFF OMITTED] T4562.009
[GRAPHIC] [TIFF OMITTED] T4562.010
[GRAPHIC] [TIFF OMITTED] T4562.011
[GRAPHIC] [TIFF OMITTED] T4562.012
[GRAPHIC] [TIFF OMITTED] T4562.013
[GRAPHIC] [TIFF OMITTED] T4562.014
[GRAPHIC] [TIFF OMITTED] T4562.015
[GRAPHIC] [TIFF OMITTED] T4562.016
[GRAPHIC] [TIFF OMITTED] T4562.017
[GRAPHIC] [TIFF OMITTED] T4562.018
[GRAPHIC] [TIFF OMITTED] T4562.019
[GRAPHIC] [TIFF OMITTED] T4562.020
[GRAPHIC] [TIFF OMITTED] T4562.021
[GRAPHIC] [TIFF OMITTED] T4562.022
[GRAPHIC] [TIFF OMITTED] T4562.023
[GRAPHIC] [TIFF OMITTED] T4562.024
[GRAPHIC] [TIFF OMITTED] T4562.025
[GRAPHIC] [TIFF OMITTED] T4562.026
[GRAPHIC] [TIFF OMITTED] T4562.027
[GRAPHIC] [TIFF OMITTED] T4562.028
[GRAPHIC] [TIFF OMITTED] T4562.029
[GRAPHIC] [TIFF OMITTED] T4562.030
[GRAPHIC] [TIFF OMITTED] T4562.031
[GRAPHIC] [TIFF OMITTED] T4562.032
[GRAPHIC] [TIFF OMITTED] T4562.033
[GRAPHIC] [TIFF OMITTED] T4562.034
[GRAPHIC] [TIFF OMITTED] T4562.035
[GRAPHIC] [TIFF OMITTED] T4562.036
[GRAPHIC] [TIFF OMITTED] T4562.037
[GRAPHIC] [TIFF OMITTED] T4562.038
[GRAPHIC] [TIFF OMITTED] T4562.039
[GRAPHIC] [TIFF OMITTED] T4562.040
[GRAPHIC] [TIFF OMITTED] T4562.041
[GRAPHIC] [TIFF OMITTED] T4562.042
[GRAPHIC] [TIFF OMITTED] T4562.043
[GRAPHIC] [TIFF OMITTED] T4562.044
[GRAPHIC] [TIFF OMITTED] T4562.045
[GRAPHIC] [TIFF OMITTED] T4562.046
[GRAPHIC] [TIFF OMITTED] T4562.047
[GRAPHIC] [TIFF OMITTED] T4562.048
[GRAPHIC] [TIFF OMITTED] T4562.049
[GRAPHIC] [TIFF OMITTED] T4562.050
[GRAPHIC] [TIFF OMITTED] T4562.051
[GRAPHIC] [TIFF OMITTED] T4562.052
[GRAPHIC] [TIFF OMITTED] T4562.053
[GRAPHIC] [TIFF OMITTED] T4562.054
[GRAPHIC] [TIFF OMITTED] T4562.055
[GRAPHIC] [TIFF OMITTED] T4562.056
[GRAPHIC] [TIFF OMITTED] T4562.057
[GRAPHIC] [TIFF OMITTED] T4562.058
[GRAPHIC] [TIFF OMITTED] T4562.059
[GRAPHIC] [TIFF OMITTED] T4562.060
[GRAPHIC] [TIFF OMITTED] T4562.061
[GRAPHIC] [TIFF OMITTED] T4562.062
[GRAPHIC] [TIFF OMITTED] T4562.063
[GRAPHIC] [TIFF OMITTED] T4562.064
[GRAPHIC] [TIFF OMITTED] T4562.065
[GRAPHIC] [TIFF OMITTED] T4562.066
[GRAPHIC] [TIFF OMITTED] T4562.067
[GRAPHIC] [TIFF OMITTED] T4562.068
[GRAPHIC] [TIFF OMITTED] T4562.069
[GRAPHIC] [TIFF OMITTED] T4562.070
[GRAPHIC] [TIFF OMITTED] T4562.071
[GRAPHIC] [TIFF OMITTED] T4562.072
[GRAPHIC] [TIFF OMITTED] T4562.073
[GRAPHIC] [TIFF OMITTED] T4562.074
[GRAPHIC] [TIFF OMITTED] T4562.075
[GRAPHIC] [TIFF OMITTED] T4562.076
[GRAPHIC] [TIFF OMITTED] T4562.077
[GRAPHIC] [TIFF OMITTED] T4562.078
[GRAPHIC] [TIFF OMITTED] T4562.079
[GRAPHIC] [TIFF OMITTED] T4562.080
[GRAPHIC] [TIFF OMITTED] T4562.081
[GRAPHIC] [TIFF OMITTED] T4562.082
[GRAPHIC] [TIFF OMITTED] T4562.083
[GRAPHIC] [TIFF OMITTED] T4562.084
[GRAPHIC] [TIFF OMITTED] T4562.085
[GRAPHIC] [TIFF OMITTED] T4562.086
[GRAPHIC] [TIFF OMITTED] T4562.087
[GRAPHIC] [TIFF OMITTED] T4562.088
[GRAPHIC] [TIFF OMITTED] T4562.089
[GRAPHIC] [TIFF OMITTED] T4562.090
[GRAPHIC] [TIFF OMITTED] T4562.091
[GRAPHIC] [TIFF OMITTED] T4562.092
[GRAPHIC] [TIFF OMITTED] T4562.093
[GRAPHIC] [TIFF OMITTED] T4562.094
[GRAPHIC] [TIFF OMITTED] T4562.095
[GRAPHIC] [TIFF OMITTED] T4562.096
[GRAPHIC] [TIFF OMITTED] T4562.097
[GRAPHIC] [TIFF OMITTED] T4562.098
[GRAPHIC] [TIFF OMITTED] T4562.099
[GRAPHIC] [TIFF OMITTED] T4562.100
[GRAPHIC] [TIFF OMITTED] T4562.101
[GRAPHIC] [TIFF OMITTED] T4562.102
Mr. Horn. We thank you very much for the usual fine
analysis by the General Accounting Office.
We now move to Mr. Jim Flyzik, the Deputy Assistant
Secretary, Information Systems and the Chief Information
Officer for the Department of the Treasury, and he's here in
that role as well as being vice chairman, Chief Information
Officers Council. And we are particularly interested through
you as to the views the Chief Information Officers have on
these matters.
Mr. Flyzik.
STATEMENT OF JIM FLYZIK, DEPUTY ASSISTANT SECRETARY,
INFORMATION SYSTEMS, CHIEF INFORMATION OFFICER, U.S. DEPARTMENT
OF THE TREASURY, VICE CHAIRMAN, CHIEF INFORMATION OFFICERS
COUNCIL
Mr. Flyzik. Thank you, Mr. Chairman, Mr. Turner, Mr. Davis,
and members of the subcommittee. I appreciate the opportunity
to appear today to discuss the concept of a Federal Chief
Information Officer. I would like to first thank the chairman
and the other members of the subcommittee for your continued
support and interest in the improvement of information
technology performance and accountability in the Federal
Government.
I have served as the vice chair of the Federal CIO Council
since 1998, where I play a key role in the direction of
information technology for the Federal Government. In
performing my jobs, I have witnessed the growth of online
services changing the way customers expect to interact with
their government. Citizens now want to use technology to access
the government and its services at a time and a location that
is convenient to them. It is no longer acceptable to have a 9
by 5 government. Kiosks, the Internet and voice technologies
are just a few examples of the many technologies that exist to
provide a fully interactive government to our citizens based on
their terms.
Due to factors including the Clinger-Cohen legislation, the
work of the Federal CIO Council, the year 2000 success and the
growth of the Internet and e-commerce, the role of the Federal
CIO is progressing into a peer with senior management. I
appeared before this subcommittee in March to discuss the
differences in the role of a CIO in the public and private
sectors. Attention is now turning to the future potential and
growth of Federal CIOs. One option under discussion is creation
of a new Federal CIO within the Executive Office of the
President.
In regard to this question, the subcommittee presented me
with six questions which I would like to briefly address.
Should there be a Federal CIO and, if so, how should it assist
the Federal Government in managing information technology? The
attention and debate now surrounding this question is quite
timely. As we progress to a new administration we must envision
the government in an interconnected digital world. My opinion
of whether a new position of Federal CIO is a good idea would
depend on how the position would be implemented and empowered.
A major constraint to the pace of IT advancement in government
has been the skirmishes over centralization versus
decentralization, not lack of capability.
As vice chair of the CIO Council I believe that many
government programs that share common elements or information
could be vastly improved with stronger authority to enforce
interagency and intergovernmental cooperation. We need to tear
down stovepipes and obsolete hierarchical structures. The
Internet knows no such structures or boundaries.
Mr. Horn. Could I just interject for a minute because I've
heard the term yesterday and today, and would you explain to
everybody what a stovepipe approach is?
Mr. Flyzik. Yes, sir. In traditional ways that stoves
worked in homes in the past, you would have various pipes going
out that all were independent of one another with no
coordination. So when we talk about stovepipes we view our
agencies working independently without cooperating or toward
one common goal.
Mr. Horn. Well, now that we have a definition every one
that comes up from the administration will have a little
asterisk put by their name as the Flyzik view of stovepipes. It
will be put in all hearings.
Mr. Flyzik. Thank you so much, sir. It's nice to know I
have a legacy here.
Mr. Horn. We try to provide those little services.
Mr. Flyzik. The oversight could continue to be in the form
of the OMB Deputy Director for Management or it could be
another option like a new Federal CIO or a more empowered CIO
Council. Any new leadership position in this area should have
authority to work through the Director of OMB to control IT
resources, IT budgets and spending. The centralized leadership
can assist the government in managing its use of information
technology and, like the Deputy Director of Management does
today, assist the administration efforts to advise the
President on matters relating to IT, build a vision for IT in
the Federal sector, create opportunities and partnerships with
the academic and private sector, set the direction for critical
IT areas to cross agency boundaries such as interactive
government and security, privacy and critical infrastructure
protection and, importantly, enforce a Federal enterprize
architecture and, most importantly, see government programs
functionally from the point of view of the customer, not any
specific agency. We can and should build on this framework.
Where should the position be located? As the Deputy
Director of Management today, any enhanced central authority
over interagency IT initiatives needs to be located within the
Executive Office of the President. Progress and success will
require buy-in from agency heads; therefore, the function needs
to be performed at a level that can deal with cabinet officers.
How should it be empowered? Stronger empowerment requires
actual authority in a budget to initiate and oversee the
direction and funding of IT initiatives that affect more than
one agency. A new staff position with primary duties to chair a
council or review presentations or present recommendations
would be viewed as just another bureaucratic hurdle and would
be counterproductive. It is essential that any enhanced
authority continue to be integrally linked with OMB's budget
function to develop a process for evaluating the performance of
capital investments for IT across government. It is also
essential that any centralized position have authority to
develop a process for funding interagency initiatives.
Improved funding and management of multiagency IT
initiatives can enhance the government's ability to address
common IT challenges and solutions. Technology allows us to
provide government to its customers across functional areas.
The funding mechanisms should be developed to support this
approach. In addition, funds for interagency IT should be
solidified and made sufficient to support the level of need for
interagency work.
How should a Federal CIO's relationship with agency CIOs in
the Federal CIO Council be defined? A digital economy drives
new expectations of government. It would make sense that it
would drive a new structure too. Ontario, Canada provides an
example of a structure based on functional areas of government
rather than agency structures. Before Ontario changed its
structure the 17 different ministries had 17 different CIOs
reporting to the deputy minister and cabinet office. Now there
is a single authority that reports to the cabinet office in
charge of information technology and is held accountable for IT
in Ontario.
What are more interesting are clusters of CIOs created
around communities of service. The CIOs of these clusters
report to the Ontario CIO. Leadership of Federal IT can operate
in a similar fashion. The Federal CIO Council is already in
place and could present the clusters of CIOs. I provide a chart
of the Ontario organization as an example of a structure
evolving with technology.
How should a Federal CIO address issues such as electronic
government information and insurance? Any expanded central
authority should build on the structure currently in place, the
Federal CIO Council. The Council is effective at establishing
committees to bring subject matter experts out to address the
issues and are in the forefront of IT in government-electronic
government. Enterprise interpretability; capital planning;
security, privacy and critical infrastructure protection; and
Federal IT work force are some examples. The Council has
developed a strategic plan with specific goals and initiatives
for each committee. Greater authority could give the Federal
CIO Council the responsibility and resources it requires to
work with agencies states, academia and the private sector.
Finally, question 6, what are the other key issues the
Federal CIO should consider? Any action to strengthen central
authority for governmentwide IT strategy should continue to
work closely with the Federal CIO Council to develop
strategies. Issues we have identified are: Connecting citizens
to product services and information of their government;
putting in place interoperable and governmentwide IT
initiatives; providing a secure and reliable information
infrastructure that the customer can access and trust;
acquiring IT skills and resources to meet mission objectives;
collaborating between the public and private sectors to achieve
better government; fostering investment management policies,
practices and tools that enable improved delivery of government
programs and services.
I find that the two proposed pieces of legislation are,
each in different ways, interesting starts in improving the
coordination and effectiveness of IT efforts. It is refreshing
that reducing the burden of information collection from the
citizen is emphasized.
We look forward to working with the Congress on addressing
these and other issues. I would like to thank the subcommittee
for the support it has given to the work of the Federal CIO
Council. Without your support we would not have been able to
achieve the national success we have enjoyed with Y2K, the
Internet and e-government. I would like to thank the members of
the subcommittee for the opportunity to present this morning.
Mr. Chairman, this concludes my formal remarks. I look
forward to answering questions.
[The prepared statement of Mr. Flyzik follows:]
[GRAPHIC] [TIFF OMITTED] T4562.103
[GRAPHIC] [TIFF OMITTED] T4562.104
[GRAPHIC] [TIFF OMITTED] T4562.105
[GRAPHIC] [TIFF OMITTED] T4562.106
[GRAPHIC] [TIFF OMITTED] T4562.107
[GRAPHIC] [TIFF OMITTED] T4562.108
[GRAPHIC] [TIFF OMITTED] T4562.109
[GRAPHIC] [TIFF OMITTED] T4562.110
[GRAPHIC] [TIFF OMITTED] T4562.111
[GRAPHIC] [TIFF OMITTED] T4562.112
[GRAPHIC] [TIFF OMITTED] T4562.113
Mr. Horn. Well, thank you very much. We appreciate that
summary.
Otto Doll is the Commissioner of the Bureau of Information
and Technology for the State of South Dakota and president of
the National Association of State Information Resources
Executives. I'm particularly indebted to you for those nice
charts you put with your testimony. It's very helpful to see
what the Governors are doing around the country.
So Mr. Doll.
STATEMENT OF OTTO DOLL, COMMISSIONER, BUREAU OF INFORMATION &
TECHNOLOGY, STATE OF SOUTH DAKOTA, PRESIDENT, NATIONAL
ASSOCIATION OF STATE INFORMATION RESOURCES EXECUTIVES
Mr. Doll. Thank you, Mr. Chairman, Mr. Turner, Mr. Davis,
and members, subcommittee members. Recent congressional bills
such as H.R. 4670 and H.R. 5024 offer tremendous opportunities
for the Federal Government to take full advantage of the
Internet revolution and all it has to offer for digital
government. The States, as laboratories of democracy, offer
many examples of how enterprise-wide Chief Information Officers
add real value to government's use of information technology.
Furthermore, the recent year 2000 compliance effort has allowed
all CIOs, whether they be local, Federal, State, private or
public sector, to completely inventory the IT resources at
their disposal. For the first time we have been able to
establish lines of communication and cooperation among IT units
through our enterprises.
While it is difficult to derive a single organizational
model from the 50 States, some clear trends are apparent, and
both of the bills cited earlier put the Federal Government
firmly on the same path.
Generally with the title CIO comes advisory responsibility
for enterprise-wide IT policy, not just management. Many, if
not all, CIOs report to their Governors, State chief executives
in some formal or informal capacity. CIOs can be called upon to
advise the Governor on IT matters, deliver agency IT budgets,
draft proposal legislation, testify before legislative
committees on IT investment options and results and oversee
statewide procurement, project management, risk management and
strategic planning. While many State CIOs report solely to
their Governors on technology issues, some are also responsible
to cabinet level officials such as the secretary of
administration, commerce, or revenue.
According to a survey conducted by NASIRE in February and
staff research, 23 States have a CIO in place who reports
directly to the Governor; only 8 States reported such an
arrangement in a 1998 survey; 24 State CIOs operate within some
other arrangement, usually reporting to a cabinet officer.
However, that does not mean those CIOs never interact with
their Governors. Some State CIOs work in conjunction with an
advisory board or commission and many serve as chair of a
council of agency level CIOs. The remaining three States are
currently moving toward a CIO arrangement.
A roundtable of State CIOs held at NASIRE's 2000 midyear
conference discussed key aspects of real CIO authority. The
clear consensus was that some form of access to the Governor is
crucial to the CIO's success. Without that access the CIO
cannot win the sponsorship that is necessary to implement
innovative application of technology, break down the silos of
government and manage the expectations of internal and external
constituents who are often intimidated by or over expectant of
the impact of IT on government.
The recent Federal experiences with John Koskinen, who
served as the Y2K czar, shows how a CIO level official serving
as an extension of the chief executive can bring together
diverse public and private interests to tackle the huge IT
project.
We have also seen how the President's keen interest in the
development of the FirstGov.gov portal has reinvigorated a
project that had previously floundered without centralized high
level leadership. The Oval Office and Congress will need an
ongoing, accountable IT visionary for future efforts.
The necessity of the CIO has been recognized by a number of
organizations, including the National Electronic Commerce
Coordinating Council, which declared: ``regardless of the
structure, the most critical factor for success in implementing
electronic government is a clear direction communicated with
both authority and responsibility. Responsibility for
implementation should rest with an empowered leader, such as
the CIO.''
NEC3 is a coalition among NASIRE, the National Association
of Secretaries of State, the National Association of State
Procurement Officials, and the National Association of State
Auditors, Comptrollers and Treasurers.
Separating technology from government programs is
impossible today. State CIOs are responsible for putting their
executives visions and goals for IT into action. The Harvard
Policy Group on Network-Enabled Services and Government, which
included CIOs from all levels of government, echos that
sentiment. They define CIO not solely as a manager of
technology but as a manager of technology in support of
organizational strategy and change management. The same
sentiment emerges from the private sector as well.
Janet Caldow of IBM's Institute for Electronic Government
states: ``our early studies with the Kennedy School of
Government revealed that a center of gravity for technology
policy and strategy is a fundamental critical success factor
for governments to move forward aggressively. That can come in
the form of a Chief Information Officer or a technology and
policy advisor to the chief executive.''
As the center of gravity for IT policy, the CIO needs to
inspire leaders, including elected and appointed officials as
well as front line managers and staff that dedicate political
capital and other resources to the agenda. One powerful dynamic
of IT is that it can enable and integrate all government
services and initiatives--education, criminal justice, economic
development, etc.
A CIO is necessary to convene key information stakeholders,
develop adaptive architectures that are conducive to sharing,
and access the incumbent risks of exposing information online.
Then the CIO is needed to moderate the changing interest of the
diverse stakeholders, enforce standards for sharing, and
implement the critical security technologies and processes that
can ensure privacy. Only then will government enjoy the full
benefits of integration.
Globally, a number of other nations are taking aggressive
approaches to digital government, including the Special
Administrative Region of Hong Kong, Singapore, Australia,
Canada, United Kingdom and the European Union. Australia
represents a major effort to have all that nation's services
well enabled by 2001. Australia, Hong Kong and Singapore have
also signed memoranda of understanding to facilitate cross
national e-commerce, underscoring the important role a national
digital government can play in facilitating economic growth.
In conclusion, let me say that my goals for today have been
to reinforce my testimony before this committee from last
March. Support for the role of the CIO comes from many
quarters. Furthermore, empowered CIOs such as those in Kentucky
and Indianapolis and elsewhere can achieve much. NASIRE
encourages the Federal Government to establish an Executive
Office of the CIO. However, we caution that the role CIO cannot
be defined with one act. The work of the CIO will not end after
one project. In our estimation, the future success of any
government in the new economy depends on not only establishing
an office of the CIO, but also in constantly evolving the role
of CIO as technologies change and new opportunities emerge.
Only then will the full fruition of digital government be
within our reach.
[The prepared statement of Mr. Doll follows:]
[GRAPHIC] [TIFF OMITTED] T4562.114
[GRAPHIC] [TIFF OMITTED] T4562.115
[GRAPHIC] [TIFF OMITTED] T4562.116
[GRAPHIC] [TIFF OMITTED] T4562.117
[GRAPHIC] [TIFF OMITTED] T4562.118
[GRAPHIC] [TIFF OMITTED] T4562.119
[GRAPHIC] [TIFF OMITTED] T4562.120
[GRAPHIC] [TIFF OMITTED] T4562.121
[GRAPHIC] [TIFF OMITTED] T4562.122
[GRAPHIC] [TIFF OMITTED] T4562.123
[GRAPHIC] [TIFF OMITTED] T4562.124
[GRAPHIC] [TIFF OMITTED] T4562.125
[GRAPHIC] [TIFF OMITTED] T4562.126
[GRAPHIC] [TIFF OMITTED] T4562.127
[GRAPHIC] [TIFF OMITTED] T4562.128
[GRAPHIC] [TIFF OMITTED] T4562.129
[GRAPHIC] [TIFF OMITTED] T4562.130
[GRAPHIC] [TIFF OMITTED] T4562.131
[GRAPHIC] [TIFF OMITTED] T4562.132
[GRAPHIC] [TIFF OMITTED] T4562.133
[GRAPHIC] [TIFF OMITTED] T4562.134
[GRAPHIC] [TIFF OMITTED] T4562.135
[GRAPHIC] [TIFF OMITTED] T4562.136
[GRAPHIC] [TIFF OMITTED] T4562.137
[GRAPHIC] [TIFF OMITTED] T4562.138
[GRAPHIC] [TIFF OMITTED] T4562.139
[GRAPHIC] [TIFF OMITTED] T4562.140
[GRAPHIC] [TIFF OMITTED] T4562.141
[GRAPHIC] [TIFF OMITTED] T4562.142
[GRAPHIC] [TIFF OMITTED] T4562.143
[GRAPHIC] [TIFF OMITTED] T4562.144
[GRAPHIC] [TIFF OMITTED] T4562.145
[GRAPHIC] [TIFF OMITTED] T4562.146
Mr. Horn. Thank you very much. We appreciated that
testimony Mr. Doll. I'm going to have to do something I don't
like doing because I'm going to have to interject for a
question period before the representative of the administration
has to go, and she said she has to go at 11:15 and I want Mr.
Davis, Mr. Turner to question her before now and 11:15. So I
first yield for questions 5 minutes for the gentleman from
Virginia, Mr. Davis.
Mr. Davis. Thank you. Sally, thanks for being here once
again and for all the work you're doing. In your written
testimony you offer that Clinger-Cohen is correct in placing
centralized leadership responsibilities for IT investment
management within OMB because OMB has budget and program
oversight responsibilities throughout the executive branch and
can work to ensure that IT supports agency missions and
policies. You go on to say that legislation which mandates a
particular approach may lock in oversight structures and
constrain our capacity to solve the problems that are unknown
to us today.
I wonder if you could take a minute and describe the
leadership role that OMB has displayed in the past in defining
and managing interagency items, not just speaking to money
items but managing IT resources. How does OMB keep track of
those initiatives so that responsible decisions can be made
when projects are not working and should be halted or a new
direction should be taken? Can you give me a feel for how that
works?
Ms. Katzen. Sure. Thank you. In one respect we take our
management challenges each year as part of the budget. We
prepare those priority management objectives, we call them, the
PMOs, that warrant senior management attention, and IT
management is always on the list. This year I think we have
four that include that. People are assigned within OMB both in
the statutory offices and in the RMOs, the Resource Management
Offices, which do the budgeting and management hands, often to
report on a monthly basis on the progress made. I have prepared
this report for the Director, for the President and see how we
are proceeding on the most important challenges.
At the other end of the spectrum OMB is actually a fairly
lean and mean organization--well, I'm not so sure it's mean but
it is lean. We only have about 500 people for all the
governmentwide functions. We leverage our power and authority
through interagency councils, whether it's the Statistical
Policy Council which was created and reports through the Chief
Statistician of the United States, who's in the Office of
Administration. In the Office of Information, Regulatory
Affairs, or the CIO Council, the Deputy Director for
Management, me now, sits as chair of the CIO Council, sits as
chair of the CFO Council, that's the Chief Financial Officers,
sits as chair of the PCIE, which is the President's Committee
on Integrity and Efficiency, which are the IGs, the Procurement
Executives Council. What I have done----
Mr. Horn. Excuse me. Could you sort of spell it out for the
people that are listening?
Ms. Katzen. CIO Council is the Chief Information Officers
Council. CFO Council is the Chief Financial Officers Council.
The PEC is the Procurement Executives Council. The PCIE is the
President's Council on Efficiency and Integrity, which is the
IGs, which are the Inspector Generals.
Each of these councils have committees. Mr. Flyzik
indicated the myriad numbers of committees that they have.
Their e-government committee representative meets with me, with
the CFO Council e-government representative and the PEC e-
government representative, at least once a month, where we sort
through priorities, we hear about initiatives. And the CFO
Council people will sit there and say, oh, is that what the CIO
Council is doing? Isn't that interesting? We're able to
exchange best practices. Mr. Flyzik has attended those meetings
in the past. That's another way we leverage.
Mr. Davis. Where is the decisionmaking authority after you
all sit down and you go through all these? Does it come to you
then up through the head of OMB in terms of resolving----
Ms. Katzen. In most instances it's not a decision that has
to be made yes or no. It's a sorting through priorities. But if
there were, it would be through me and I would consult with
Jack Lew, the Director, or the President or Vice President. Mr.
Doll was talking about the President's interest in FirstGov. We
presented it to him and he loved it, and he therefore announced
it. It was something we had developed, and we had developed it
with the help of the CIO Council as well as the PEC Council
because one piece of this FirstGov is to have a single gateway
for procurement for buying and selling to the government, and
they're interested in that aspect of it.
So we put all these pieces together. When we presented it
to the President he was most enthusiastic about it. So it can
go at different levels, in part depending upon how radical it
may be or how much funding is necessary.
And there's also, one of the problems that we've had, and
I've heard this from a number of the people who are talking
about this, is the funding. OMB has included requests for
funding for security, for e-government, for digital signatures,
for a variety of things and we just were hoping that the
Congress will be more receptive to those requests.
Mr. Davis. I think my 5 minutes are up. I want to make
sure--I might want to give you a couple of written questions,
but I think you've given me the outlines.
Ms. Katzen. Be happy to supply any answers to that. Thank
you very much, sir.
Mr. Horn. The gentleman from Texas, Mr. Turner, 5 minutes
for questioning the witness.
Mr. Turner. Thank you, Mr. Chairman. We appreciate all of
your input on this issue, and as you know, in our meetings
together there are some issues that must be resolved before we
can move forward. And obviously we want to be sure we structure
this new Chief Information Officer in a way that's consistent
with the roles that you are accustomed to having oversight
over. I did notice that in a letter that we received just
yesterday from Mr. Gilligan, who is the CIO of the Department
of Energy, he said that only a small portion of the funding
requests we're talking about for information technology funding
is intended to provide for coordinating governmentwide security
efforts.
We were talking yesterday, as you know, about computer
security as well as providing common solutions that will
improve efficiency and effectiveness of individual agency
security programs. He goes on to say these initiatives are not
designed to replace individual agency programs already in
place. Rather, they seek to build on their successes and expand
existing infrastructure. In an attachment to his letter he says
most of the funding that has been provided in the Federal
budget has been directed at the individual agencies. He says,
and I quote, only a small portion of this funding request is
intended to provide for cross government initiatives.
I'd like for you to describe for us some specific cross
agency initiatives relating to information technology that OMB
has successfully implemented.
Ms. Katzen. I will start by noting that I don't completely
agree with his characterization of the way we do the funding.
It is true that there is a relatively small portion that is
designed for intra--interagency, among agencies, cross-cutting,
governmentwide types of projects. But the security, for
example, should be built into the system. It shouldn't be a
separate kind of venture. It should be part of the capital
planning process, and that's one of the things we're working
on.
But having said that, in terms of the types of activities
that we have, 2 years ago the Congress and Treasury-Postal gave
us a $7 million fund for us to allocate for governmentwide
efforts, and that money was used in part for the CIO Council,
and we asked them to come up with their wish list, their
priorities, so that we could be responsive to the agencies'
CIOs as what they thought were those projects most in need.
Digital signature was one; FirstGov is another that I can think
of off the top of my head.
This year we took that same fund--$7 million is not a very
large amount considering that we spend billions in other
areas--we increased it to $17 million. All indications are the
Treasury-Postal will increase it. That should be significantly
enhanced because there are opportunities. But what we have done
again for the 2001 budget for the $17 million was to go back to
the CIO Council and the CFO Council and say, what is it that
you think is most desirable, and this is reviewed within OMB.
And they came up with these different types of projects that
they wanted us to fund.
Mr. Turner. Is that the only cross-agency initiative that
OMB has been involved in?
Ms. Katzen. No. Clinger-Cohen also includes a ``pass the
hat'' authority. And there was an additional $5 or $6 million
that we used to collect additional moneys from the various
agencies for some of the CIO-type functions. Again, Mr. Flyzik,
who helped implement this, could give you more details on it.
But that's another opportunity.
And the third opportunity is there could be a lead agency.
For example, on FirstGov, even though we're using some of the
interagency money, GSA is the lead agency and is, in effect,
sponsoring this, and they have the resources that we have
reprogrammed to make sure that they can carry this out. There
are other instances where other departments--Treasury, the
Treasury Department is working on digital signatures. We have a
$7 million request, which unfortunately does not look like it's
going to be funded. We could use your help there. But that
would be where they're taking the lead for the government. And
I think that's correct, if I'm not mistaken. But they're the
lead.
So in different areas we'll ask different departments to be
a lead agency. So that, pass the hat and the interagency fund,
all get worked together. We use as much creativity as we can
because the technology is developing an awful lot faster than
the budget process, and you come up with new ideas in the
middle of cycle, you want to fund them. You want to figure out
how to do it lawfully.
Mr. Turner. I think that pass the hat problem, we discussed
that at the hearing yesterday, is one of the problems that we
see in our present pursuit of information technology.
Ms. Katzen. It has drawbacks.
Mr. Horn. We will have another round here.
The gentleman from Virginia, Mr. Davis, 5 minutes. It's
your turn.
Mr. Davis. Just a couple of questions.
You addressed the establishment of the Y2K Council with
John Koskinen, who did an outstanding job, I think we can all
agree, as chairman. It's unclear to me how the need to
establish a Y2K Council in 1998 validates OMB's role in
managing information resources. It seems to me that instead it
demonstrated OMB's inability to gather the necessary expertise
and foresee the need to address the Y2K problem in a more
timely manner and its subsequent inability to manage
governmentwide Y2K remediation without bringing in someone like
John Koskinen to head the whole thing up and to have the clout,
and that you don't want to keep doing this kind of thing. Could
you give me your comments on that?
Ms. Katzen. Well, Mr. Davis, OMB had been responsible for
the governmentwide Y2K efforts, and, in fact, as Administrator
of OIRA, it was one of my primary responsibilities, and we set
in motion the processes that the Federal agencies would use. We
established the reporting practices. We established the CIO
Council's involvement in this; the Y2K committee that I met
with once a month, we did a lot of things within OMB. By 1998,
it became clear that the issue was not just the Federal
systems. The issue was the country. And there was banking and
finance, there was energy, and it was more than the country. It
was international as well.
And so we discussed within the administration bringing in
somebody who would focus attention, who would capture people's
imagination, and who would work with State and local
governments. I had already been meeting with NASIRE people in
1995, 1996 and 1997. John Koskinen took it over. He worked with
State and locals. He worked with the private sector. He worked
with the international Y2K effort.
The responsibility for the Federal systems themselves
remained at OMB. We were the ones who did the quarterly
reports. We were the ones who met with the laggers or those who
were not moving as quickly as they should have. We were the
ones who went to the President or the Vice President when we
wanted additional help. John Koskinen was superb, and he was a
superb candidate for this because he had just stepped down as
DDM at OMB, and he knew where all the levers were. He never
wanted to take from OMB its authority, but he wanted to work
with us, and that was a very good mix.
I was made the vice chair of the Y2K Council to keep the
OMB piece of it intact. And I heard Mr. Doll say that Mr.
Koskinen is a great model, and then he used the term ``for a
single project.'' I agree with that. I think if there's a
single project that you want done sometimes, you find somebody
who has the stature, the experience and the connections to do
it. But if you're talking about something like all of
information technology, Mr. Doll also said you can't separate
technology from government programs. That's the whole thing.
Then I am less amenable.
Mr. Davis. I want to get you out of here. I just look at it
differently. You did a great job, but you had so many other
things to do over there at OMB. You just did. You have so many
responsibilities. You performed them admirably. I've worked
with you on a lot of issues, and you're a great civil servant.
But the problem was in that particular case you had too many
things. The same thing concerns me with OMB and its structure
today in giving it the emphasis. So I just look at it a little
differently.
But I'm really interested to hear your perspective. I
appreciate your sharing it with me. I may get back to you with
a couple of other questions just for the record so we can fill
this up.
You made one other comment that the administration will be
changing, and at least we will have a new President and
probably some new people, and we don't want to act
precipitously. I agree. I'm just putting down a marker to say
this is my concept, and we want to solicit advice on this as we
move forward. This is kind of a work in progress. But I just
wanted to share my thoughts, and I appreciate hearing yours.
Thanks.
Ms. Katzen. That's very helpful. Thank you, sir.
Mr. Horn. Does the gentleman yield?
Mr. Davis. I yield back.
Mr. Horn. The gentleman from Texas Mr. Turner. I'll give
you 4 minutes this time because I want the last 3 minutes.
Mr. Turner. Thank you, Mr. Chairman.
I concur with what my friend Mr. Davis said. I think we are
introducing these bills here in the latter month of this
Congress in order to get the issue on the table and begin to
discuss what kind of structure a Federal CIO should have,
because we know whoever is President is going to make this a
part of their new administration.
And I want to say that, you know, GAO made the comment that
the benefit of a Federal CIO is the ability to focus
exclusively on information technology.
Your training is an attorney, as is mine. You practice
regulatory and administrative law. You wear a lot of hats.
You're the head of the CFO Council, the CIO Council, the
Procurement Council. Even your Deputy, Mr. Spotila, who is the
head of the Office of Information and Regulatory Affairs, has a
wide range of duties, one of which is information technology,
but he is neck deep into regulatory affairs in his office. And
I think what we are trying to do here is to pursue a new
position that has the exclusive ability to focus on information
technology across government; to put in that position an
individual who has the background, the experience and the
educational training to suit he or she to the position of a
chief information officer as we find in the private sector. And
I think that by doing that, we will see more opportunities for
cross-agency cooperation, and we'll see the Federal Government
move forward at a much more rapid pace than we've seen in the
past.
That is not to say we are critical of anything you have
attempted to do, but I think the emphasis on information
technology is long overdue. And I know that you want to work
closely with us to be sure that if we implement a Federal CIO,
that it integrates well with your traditional functions. And I
know that is one of your priorities, and we want to work with
you in that regard.
Ms. Katzen. Exactly. I appreciate that because I think
there is much merit to this call for higher visibility, more
focus or single-mindedness as it were. And my concern is that
it be fully integrated within OMB because they have the
budgeting and the management function governmentwide, and you
can't easily separate the two. But the repeated calls for
higher visibility and more single-mindedness, I think, have
tremendous merit, and I appreciate your comments in that
regard.
Mr. Turner. Thank you, Mr. Chairman.
Mr. Horn. I thank the gentleman.
My question is this: I appreciate you giving us the history
there, and that's some of it we learned new. But the fact was
that nothing happened after this committee started the movement
in April 1996. We wrote the President with the ranking
Democrats at that time writing with us on the letter to put one
person in charge in the executive branch. That was July 1997,
and he finally got around to it in late 1997 and 1998 when Mr.
Koskinen was brought out of retirement. While he was there in
your position, he really didn't do anything on this. You were
doing the work there, as I remember.
Ms. Katzen. I was doing that, yes.
Mr. Horn. And then he retired----
Ms. Katzen. Although I reported to Mr. Koskinen, and he was
aware of what I was doing, and he had sufficient confidence in
me that he let me continue doing it.
Mr. Horn. Well----
Ms. Katzen. And I had sufficient confidence in him that
when we talked to the President and said, I think we ought to
find somebody, he was the first person that came to our mind,
and we called him. He was only in retirement for 2 weeks before
we got him back.
Mr. Horn. He was in retirement, and he did not come back on
board until April 1998.
Ms. Katzen. Correct.
Mr. Horn. He was on a honeymoon with his wife. So the fact
is during this time, FAA, the IRS, billions of dollars were
going through those things. Now, did your group at OMB pull the
plug? Why not when you have that many billion dollars going
right down the drain?
Ms. Katzen. We did, in fact, review the FAA information
systems--we're not talking Y2K now. We're talking the
information systems themselves--the FAA system, the IRS system,
which Mr. Flyzik can talk about the history of that through
this past decade, the HTM system. There was a health system at
HCFA.
Mr. Horn. Right. They spent a few billion, too.
Ms. Katzen. It was unbelievable. It was custom-built.
As I said in my testimony, when we came into office, there
was an established pattern. Federal systems were to be custom-
built with all the bells and whistles. They would inevitably
come in over budget and so late that they would be obsolete by
the time they were fully implemented.
We changed that. We changed that with your help. We changed
that with the help of Raines' Rules. We changed that. We're now
focussing on open architectures, modular development. The whole
Raines' Rules capital planning concept has turned it around,
and you don't have those kind of unfortunate headlines as
frequently by a long shot at the end of the decade that you did
at the beginning of the decade. It took us time to turn it
around. That was what I was focusing on at the beginning part
of the century--decade.
Mr. Horn. Who pulled the plug, OMB or the agency? Did the
agency finally think about it, that they weren't managing
anything?
Ms. Katzen. We worked together. We're collegial. We raised
issues----
Mr. Horn. I know. Collegially with the taxpayers' money to
the tune of $7 billion.
Ms. Katzen. Well----
Mr. Horn. That bothers me. The fact is nobody made the
tough decisions except Raines. I thought Raines really knew
what he was doing when he came in there. And we worked together
on the questionnaire and all the rest of it. He was a very
right-on-the-spot person. He might have pulled the plug. I
don't know.
Ms. Katzen. The health one was ended before Mr. Raines
became the Director. It was while Ms. Rivlin was still the
Director of OMB that we stopped the health one. We stopped them
when it became clear to us that this was not the way to go, and
we worked with them. They're individual cases. Individual
systems presented different problems within the agencies
because they had different needs. FAA's need was that they
couldn't be without a system because of the security of the air
traffic controls. We had to make sure that whatever we had was
enough to bridge or link, and so it was not just possible to
say, well, let's stop that and forget all about it and go to
someplace else. We had to work to a transition. The IRS is one
that took a different turn that Mr. Flyzik can talk to.
Mr. Horn. Let me ask my last question. I know you have to
go.
Yesterday the subcommittee released its computer security
report card for the Federal Government, with the government
receiving a D minus overall. Given the Office of Management and
Budget's oversight responsibility for agency computer security
programs, how do you explain this?
Ms. Katzen. Well, Mr. Chairman, I think, as Mr. Spotila
indicated yesterday, we do not completely agree with the
grades.
Mr. Horn. Not one person under oath in this room disagreed
with any grade. And if they're doing that to the press, they
didn't do it here.
Ms. Katzen. I was not here yesterday. Mr. Spotila was
testifying. My understanding is that a lot of the agencies--
departments were, as they should be, totally candid about we're
doing partly here, we're not doing anything here, we're doing
something here. In some of the grades they got no credit for
any of the things that they were doing.
Grades come as a snapshot in time, and unlike the Y2K where
you have a single function that you want to sort of track over
time, and you can see whether you're 68 percent remediated, 98
percent remediated, you get all the way to 100 percent, with
security there are a variety of different measures and a
variety of different standards depending upon the sensitivity
of the information, because your security should be
commensurate with the risk of loss. And a DOD is a very
different animal from the Department of Agriculture, for
example, where a civilian agency does not have to reach the
same standards.
Having said all of that, I would remind you that when Mr.
Koskinen came into the office, the government was given a D
minus also----
Mr. Horn. That's right.
Ms. Katzen [continuing]. For Y2K.
Mr. Horn. And he got it up to a B, which is great.
Ms. Katzen. What happened was in the 2-year period, because
of the foundations that we had laid and the work that had been
done by the Federal employees, there were no disasters at the
date change. The Federal systems held together magnificently.
People were ready ahead of time. And if we get a B minus when
we actually end up having a nonevent, there's some sense that
maybe the grading on the curve could be a little bit adjusted.
Mr. Horn. It isn't graded on the curve. It's graded on the
absolute. And remember that this is self-graded by the agency,
not us.
Ms. Katzen. They didn't give themselves a D minus. You took
the information and gave them the grades. They didn't give
themselves a grade. If you ask the agencies, and Treasury is
here today, whether they deserved the grade they got or whether
they thought that their work in process is warranting some
other grade, I would be very interested in the responses,
because what I hear is that they feel that the grading was kind
of tough.
Now, I did well in school with professors who gave tough
marks, and I like to rise to the occasion, and I like to fight
back, and I like to say, OK, you give me a B, I'll show you.
I'll get my A.
Mr. Horn. Good. We're glad we stimulated OMB to do
something. And if it takes that, why we'll give them a D minus
or a D plus next time.
But, no, what we want is something that solves this, and we
want people that make tough decisions with the taxpayers'
money. That's what I'm concerned about. That's what every
Member here regardless of party is concerned about. We can't
afford these $4 billion boondoggles.
Ms. Katzen. I share your--I agree with you completely.
Mr. Horn. With security they can do a lot of things. They
just haven't because there hasn't been the focus.
Ms. Katzen. Well, and we haven't gotten the funding.
Mr. Horn. They always say that. All you do is pull the plug
on a few things. Energy is the prime example.
Ms. Katzen. No, I'm sorry. What I meant--you may have
misunderstood what I was staying. We have repeatedly requested
the Congress to fund in the security area for FIDNA, for
FEDCERT, for Cyber Core. There was a $90 million critical
information protection piece that the Congress has not funded.
We have requested funding for security again and again, and
over the last several years and even right now the IRS piece is
not fully funded. Apart from the security is the modernization
that they need to do.
So it's not that we're holding back, but I share your
objective which is not to waste taxpayers' money, which is to
provide the best service possible, to do it in a way that is
reasonable and rational and responsive to the American people.
I agree completely with where you're coming from, and,
again, as I said in my opening statement, we think that the
work that this committee has done has been very important and
instrumental in helping us with whatever progress we have
achieved, and we thank you for that.
Mr. Horn. Let me ask the last question. Do any of the
people here, and that includes the people who haven't had a
chance to make their presentations, do you have any questions
of the administration before Ms. Katzen leaves? Anybody want to
raise their hand or something? Any question you've been wanting
to ask the administration but couldn't? OK. Forever hold your
peace, or talk to them on the side.
Ms. Katzen. Thank you, sir.
Mr. Horn. We thank you for staying, and we hope we haven't
delayed you, but we're within 6 minutes. Thank you.
We now go back to the presenters. Next is Paul E. Rummell,
president and chief executive officer of RLG netPerformance,
Inc., former Chief Information Officer for the Government of
Canada.
We're delighted to have you here, and we want to get a lot
of your experience on the record.
STATEMENT OF PAUL E. RUMMELL, PRESIDENT AND CHIEF EXECUTIVE
OFFICER, RLG NETPERFORMANCE INC., FORMER CHIEF INFORMATION
OFFICER FOR THE GOVERNMENT OF CANADA
Mr. Rummell. Mr. Chairman, Mr. Turner, Mr. Davis, members
of the subcommittee and distinguished panelists. I am very
pleased to speak with you regarding establishing a Federal
Chief Information Officer position in the U.S. Government. I
have a unique perspective to share with you. I served as the
first CIO for the Government of Canada, and I am an American
citizen and a Canadian citizen. I have 28 years' experience in
information technology.
The role and mandate for Canada's CIO position is to bridge
the direction and evolution of technology in government; work
to improve relations with the vendor community; renew the IT
community within the government, and tackle the inertia in
Treasury Board and across the government by resolving key
concerns effectively, like privacy and security.
I reported to the Secretary of the Treasury Board and had a
liaison and strong communication with the Prime Minister's
office. My responsibilities were a $3-billion-a-year budget,
16,000 employees, and a portfolio of 80 some departments and
agencies, and I had a mandate to eradicate the year 2000 bug.
Policy and management were focused on larger departments
like Public Works, Revenue Canada, National Defense, Human
Resource Development Canada, Industry Canada and the Department
of Justice. Twenty of the largest departments and agencies were
represented in a core committee which I chaired, and I
consulted with smaller agencies and departments less
frequently.
I established a Council of Provincial CIO's to coordinate
activities between their jurisdictions, and we met with other
levels of government to coordinate service delivery initiatives
for our government.
The CIO position has made an impact on Canada's Federal
Government success in information technology. We moved beyond
establishing policy to a strategic leadership role with
operational focus and delivered results in three key areas:
infrastructure, innovation and service to the IT community.
Infrastructure is the platform used to deliver cost-
effective, unified services to citizens. It's not just wires
and networks, but INFOstructure, the policies, standards,
procedures and directions that make interoperability a reality.
It is the combination of people, process and technology to
capture the imagination and achieve results.
As CIO and an information exchange specialist, I was and
continue to be in the business of innovation. The approach must
be to balance risk and fiscal responsibility. The CIO position
should be in a place that empowers solutions, from structural
changes and alternate service delivery models to partnerships
with other governments and the private sector.
The CIO's core mandate was to provide advice, expertise and
service to the information community across government, and my
goal was not to get in your way, but to get things out of your
way.
We managed technology spending envelopes to be sure that we
were making appropriate investments. We helped get the
government through some challenges with megaprojects. We worked
with the vendor and outsourcer communities to ensure modern
procurement and project management procedures were in place.
Information technology provides one of the cornerstones for
the renewal of government. It is essential that the U.S.
Government adopt a modern organizational structure with a
Federal CIO to lead, make a real difference and encourage
cooperation.
It is your challenge as a subcommittee and as a government
to play a leadership role in establishing a position that will
direct the appropriate use of technology in our government.
Based upon my experience, I favor the recommendation that the
Federal CIO report to the Office of the President. I believe
the position will be most effective in this structure.
To sum up, these are exciting times. The new Federal CIO
for the U.S. Government will have an ambitious agenda in this
year 2000 and beyond. Effective use of technology will enable
us to work harder, faster and smarter. This is not an end in
itself. What counts is what it will enable us to do, and that
is to serve Americans better. Thank you.
Mr. Horn. Well, we thank you. Those insights are very
helpful.
[The prepared statement of Mr. Rummell follows:]
[GRAPHIC] [TIFF OMITTED] T4562.147
[GRAPHIC] [TIFF OMITTED] T4562.148
[GRAPHIC] [TIFF OMITTED] T4562.149
[GRAPHIC] [TIFF OMITTED] T4562.150
[GRAPHIC] [TIFF OMITTED] T4562.151
Mr. Horn. Our next presenter is Robert D. Atkinson,
director of technology & new economy project for the
Progressive Policy Institute.
Mr. Atkinson.
STATEMENT OF ROBERT D. ATKINSON, DIRECTOR, TECHNOLOGY & NEW
ECONOMY PROJECT, PROGRESSIVE POLICY INSTITUTE
Mr. Atkinson. Thank you, Mr. Chairman, Mr. Turner, Mr.
Davis.
I was the author of a report that PPI released a few months
ago called ``Digital Government, The Next Step to Reengineering
the Federal Government.'' In that report we concluded that the
single most important thing the Federal Government could do to
foster the speedy transition to a digital Federal Government
would be for Congress to create the position of a Federal CIO.
Therefore, I strongly support the committee's efforts to do
this as embodied in H.R. 4670 and 5024.
Mr. McClure mentioned in his testimony that when Clinger-
Cohen was passed in 1995, that there was a debate whether we
should create a Federal CIO at that time, and the decision was
no. That may have been a reasonable decision at that time. I'm
not sure. I wasn't involved in it then. But it's not now, and
the reason for that is there's a saying in the Internet
community that the Web changes everything. And I think the Web
does change everything in government. And now for the first
time--we could not just talk about the notion of functionally
oriented government and moving beyond the stovepipes that Mr.
Flyzik talked about, but we can do it now for the first time.
We have the technology that lets us think about creating
customer-oriented government. To do that, though, we need a
management system that moves beyond just single agencies,
thinking about an IT research from an agency's perspective. And
I would argue we need to think about it on two levels. One, as
I mentioned, is a functional-based, not agency-based,
government. And there are a host of applications that one can
imagine. One place for people who are engaged in exporting and
importing. In fact, there's a program I will mention, the
International Trade Data system. One place for companies to
come and find out all the regulations that they have to deal
with. One place to find out about education and training
resources. One place to find out about health. All of these
things can be done on a functional basis.
Second, we need to think about an enterprisewide
information architecture. There are a whole host of issues with
regard to issues of data sharing, data collection, new types of
interactive tools, expert systems, information on request
systems, data base systems, and other wide-ranging issues which
you've mentioned, security, privacy, digital signatures. All of
those issues are essentially best handled on an enterprisewide,
Federalwide level.
Well, I think you've heard some arguments as to why the
existing organizational and management system can do this. I
would argue that the existing organizational system is really a
function of the old legacy system, the old agency-by-agency
system, and it isn't suited to doing what we need today.
Obviously the proof is in the pudding.
Let me mention two things. I don't really see a Federal
digital government conversion plan right now. I don't think
there is one. I haven't seen it. I think we need to have one to
manage the overall resources.
Second, let me mention one example of, to me, a very strong
effort to do digital government on a functional basis, the
International Trade Data system. ITDS was a great idea. It was
developed--to take 104 different Federal agencies' programs or
bureaus and streamline the collection and reporting of trade
data. That system is essentially still in the water. It's not
moving anywhere, and Customs has really taken over the charge
and is planning to build a proprietary system. And we don't
need a proprietary system. What we need is a functional system.
And I would argue that if we had a CIO, the CIO's
leadership would have been critical in making the ITDS system
come about.
There's another criticism that the CIO would add a layer of
bureaucracy and delay, and that we don't need it because we
already have that management system. I think it's interesting,
we have 20 States now, or more than 20 States, that have
cabinet-level CIOs that report directly to the Governor. In
each of those 20 States, they also have their respective OMBs.
They have Departments of Administration. They haven't
eliminated those Departments of Administration. But what those
Governors in the 20 States have realized is that digital
government is so important to the functioning, to the mission
of the Governor, of their administration that they need to
create somebody whose mission it is to solely do that.
And I think, Mr. Chairman, you've made that point, that
it's not really a question of OMB falling down on the job. It's
just that it's not their core mission. We need some
institutions where that is the core mission.
Last, there is a notion, well, maybe we don't need this
because we can do this as single projects. And, again, the
notion of Mr. Koskinen and the Y2K czar--and I'll quote Ms.
Katzen saying that what was key about Mr. Koskinen was that
``focused attention, captured imagination, and worked with
State and local governments and the private sector.''
To me, that's what we need to be doing every day. It's not
just a Y2K problem. It's a security issue. It's a privacy
issue. It's reinventing our Federal Government. We need
somebody who does that as their mission on a daily basis.
Let me close by saying this really isn't something that--I
think you heard from Mr. Doll that States are doing this. The
private sector is doing this. The old model in the private
sector was that the person in charge of information technology
was down in the bowels of the company buying computers and
servicing them and that sort of thing.
The new model is that companies are creating CIOs that
report directly to the CEO and are partners with the CEO. Let
me quote Cisco CEO John Chambers. He recently stated, ``the
role of the top information executive has been elevated to that
of a strategic partner with the CEO and the CFO.'' Corporations
are doing that for a reason because they realize that without
transforming their own companies into digital companies,
they're going to be left behind in the marketplace. I would
argue it's time we need to do that for the Federal Government.
Thank you very much.
Mr. Horn. Well, thank you.
How long is that report that you mentioned?
Mr. Atkinson. The report that we issued, very readable, is
about 13, 14 pages.
Mr. Horn. OK. I would like to put it in the record at this
point if I might.
Mr. Atkinson. I will submit it.
Mr. Horn. Thank you very much.
[The information referred to follows:]
[GRAPHIC] [TIFF OMITTED] T4562.152
[GRAPHIC] [TIFF OMITTED] T4562.153
[GRAPHIC] [TIFF OMITTED] T4562.154
[GRAPHIC] [TIFF OMITTED] T4562.155
[GRAPHIC] [TIFF OMITTED] T4562.156
[GRAPHIC] [TIFF OMITTED] T4562.157
[GRAPHIC] [TIFF OMITTED] T4562.158
[GRAPHIC] [TIFF OMITTED] T4562.159
[GRAPHIC] [TIFF OMITTED] T4562.160
[GRAPHIC] [TIFF OMITTED] T4562.161
[GRAPHIC] [TIFF OMITTED] T4562.162
[GRAPHIC] [TIFF OMITTED] T4562.163
[GRAPHIC] [TIFF OMITTED] T4562.164
[GRAPHIC] [TIFF OMITTED] T4562.165
[GRAPHIC] [TIFF OMITTED] T4562.166
[GRAPHIC] [TIFF OMITTED] T4562.167
[GRAPHIC] [TIFF OMITTED] T4562.168
[GRAPHIC] [TIFF OMITTED] T4562.169
[GRAPHIC] [TIFF OMITTED] T4562.170
[GRAPHIC] [TIFF OMITTED] T4562.171
[GRAPHIC] [TIFF OMITTED] T4562.172
[GRAPHIC] [TIFF OMITTED] T4562.173
[GRAPHIC] [TIFF OMITTED] T4562.174
[GRAPHIC] [TIFF OMITTED] T4562.175
[GRAPHIC] [TIFF OMITTED] T4562.176
[GRAPHIC] [TIFF OMITTED] T4562.177
[GRAPHIC] [TIFF OMITTED] T4562.178
Mr. Horn. When I was a university president, I had a CIO in
1971, and I began to wonder what's the fuss, folks, we did that
20, 30 years ago on every single decision before the
university. He sat right at the management group. And it's
about time that we got some focus on that in the executive
branch.
Now, our next presenter comes with great credentials that
we all respect: William Scherlis, principal research scientist,
School of Computer Science at Carnegie Mellon University. And
Carnegie Mellon has done a marvelous job in working on just the
issues that we're concerned about, so we're delighted to have
you here.
STATEMENT OF WILLIAM L. SCHERLIS, PRINCIPAL RESEARCH SCIENTIST,
SCHOOL OF COMPUTER SCIENCE, CARNEGIE MELLON UNIVERSITY
Mr. Scherlis. Thank you, Mr. Chairman.
Mr. Chairman, Mr. Turner, Mr. Davis, thank you for the
opportunity to appear today on this issue of the definition and
role of the Federal CIO. My focus in this testimony is on
innovation in government information technology. I am
emphasizing innovation because I believe that we will not be
able to realize the vision of government online, unless there
is a new kind of leadership. Nor will we successfully address
our security challenges.
In particular I support the creation of a Federal CIO
within the Executive Office of the President who can exercise
positive leadership with respect to multiagency efforts, new
kinds of customer-focused services, innovative acquisition
processes and appropriate technological and architectural
innovation.
I'm going to make quick comments on each of these areas,
but first the bottom line, which is that the Federal CIO must
be empowered to provide this positive leadership. The
empowerment should come from direct access to funds, agency
funds which are used by the Federal CIO to leverage in order to
buy down risk for innovative projects, for multiagency
projects, and for exploratory projects. The process would be
led by the Federal CIO, but administered and managed in
individual agencies by agency CIOs. This would enable the
Office of the Federal CIO to be a lightweight operation within
the EOP along the lines envisioned in both of the proposed
bills, H.R. 4670 and H.R. 5024.
Why do we need this positive leadership? We need it in
order to respond to several challenges. The first is customer-
targeted services and multiagency efforts. Starting and
managing a small business, for example, requires an
entrepreneur to interact with multiple agencies--in the present
regime--and to develop a deep knowledge of the roles and
structure of those agencies involved. It would be much more
effective to offer one-stop shopping, and this is now being
done in many States. The State of Washington, for example, has
a superb Web site. This kind of one-stop shopping is also
offered through emerging Federal sites, such as seniors.gov,
students.gov, fedstats.gov and many others.
These sites illustrate the value of real customer focus,
but they also demonstrate, in the way that they are managed the
challenges of real cross-agency interaction. An important role
for a Federal CIO will be to lead in defining these areas of
customer focus and in forging partnerships among agencies to
enable better targeting of services. These are aggregations of
services that go beyond a simple bundling of the stovepipes
that we've been talking about.
The second challenge is the rapid evolution of technology.
Moore's law shows no signs of being repealed. Software is
becoming the principal building material for competitive
advantage in many sectors, ranging from health care to banking
and other sectors.
As you know, the Federal Government has a principal role in
long-term innovation in information technology starting as
early as the 1890 census with Hollerith's punched cards. I am
presently chairing a National Research Council committee that
is looking at advanced information technology in government.
We've issued two reports on crisis management and Federal
statistics identifying a number of long term technical
challenges. We are completing a final report that is more
broadly focused and that addresses some of the issues that we
are considering today.
Mission agencies with organic research capability have
developed a culture of IT innovation to help ensure that their
special needs are addressed over the long term and also that
they can respond rapidly to new challenges, for example, in the
security area. A Federal CIO could help create this culture of
innovation throughout the government.
A third challenge is the overall mechanism by which we
undertake and manage IT acquisitions. Consider the case of a
major Internet portal--commercial or governmental: Requirements
are unlikely to be fully clear at the outset. The underlying
technologies are evolving rapidly. And the capability, once we
deliver it, will need to continue evolving rapidly. The
security environment, for example, is complex and continually
changing.
Although I am not an expert in acquisition processes and
regulations, it is clear that the present mechanisms and
culture remain oriented around what is called the waterfall
model. This model is not well-adapted to experimentation or
prototyping or other forms of focused, careful risk-taking.
Program managers often seem to resist the use of more
aggressive acquisition models including those already available
in the Clinger-Cohen Act; for example, modular acquisition and
the use of commercial off-the-shelf components. Why? Because
they have strong incentives to meet schedules and costs--to
make these as predictable as possible and risk at a minimum--
even when it comes at a cost of overall capability,
flexibility, interoperability, and other less easily measured
attributes.
The Federal CIO should have a major role in helping agency
CIOs structure incentives--and regulations where appropriate--
to facilitate risk-managed acquisition processes.
My written testimony addresses several other areas where
this Federal CIO could provide this positive leadership.
I would like to conclude by saying that I support the
concept of a Federal CIO who can provide this positive
leadership and who can catalyze effective--and pervasive--
government response to both the challenges and the
opportunities of delivering government online. Thank you very
much.
Mr. Horn. Thank you very much.
We appreciate--I would like to have a definition before we
leave you of the waterfall concept. Is that when you put
somebody in the barrel, and they go over Niagara Falls? Just so
we can get bureaucracy cleared up today because we will have
two asterisks that I've gained. So I do not regard this as
something I have cared not to do. I am very interested in doing
it, and you have all been memorable. So it will be the Scherlis
law and the Flyzik law.
Tell me about the waterfall.
Mr. Scherlis. The waterfall model is a term that refers to
a traditional step-by-step acquisition model. First a process
is undertaken to initially formulate a precise definition of
the system requirements. This is a process that sometimes can
take years. After this is complete, then contracts are let and
development processes are undertaken, followed by test and
evaluation and ultimately delivery. But by the time the
capability is delivered, the world has evolved and the
requirements have changed, even assuming they were correctly
identified at the outset.
That's the waterfall model. It is a model that works well
only for classes of systems that we have already developed
successfully. It does not work well for systems that have even
mildly innovative character.
Mr. Horn. Having spent part of my life for 22 years at one
university, I now think that even the Federal Government looks
efficient. But I think you would agree on that. Things take a
lot longer in the university. OK.
Our last presenter and one individual who is very well
known to this committee, and we appreciate all he's done for
this subcommittee over the last 5 to 6 years, Dwight Ink is
President Emeritus of the Institute of Public Administration.
He was a former Assistant Director for Executive Management in
the Office of Management and Budget from 1969 to 1973. A highly
respected civil servant, he was taken by various Presidents to
clean up this agency and that agency and another one.
So we welcome your thoughts, Mr. Ink. You've got--I will
give you 6 minutes.
STATEMENT OF DWIGHT INK, PRESIDENT EMERITUS, INSTITUTE OF
PUBLIC ADMINISTRATION, FORMER ASSISTANT DIRECTOR FOR EXECUTIVE
MANAGEMENT, OFFICE OF MANAGEMENT AND BUDGET (1969-1973)
Mr. Ink. Thank you, Mr. Chairman, Mr. Turner and Mr. Davis.
It's a pleasure to be here. By the way, I didn't think the
waterfall approach ever worked very well.
In summary, I believe the sponsors of these bills are
correct in searching for ways in which to strengthen the
information technology leadership capacity of our government. I
do not believe these bills, however, provide the best way of
achieving those goals, and, in fact, I think they may weaken
what the sponsors are trying to accomplish. I would also urge
that the committee look at this issue as well as others from
the total Presidential perspective and the total congressional
perspective rather than just IT. Otherwise I think we
contribute to further growth of a stovepipe approach to
government.
First, as was said at the beginning of these hearings, IT
certainly should be regarded as an integral part of the agency
administrative and program activities. It is really the glue
that connects everything else people do in government. So one
of our goals, it seems to me, should be to search for ways to
better integrate information technology with other management
and program activities.
I believe establishing a Federal Chief Information Officer
that is freestanding and separate from other elements of
management leadership will work against the need for
integration.
I also have some questions about the feasibility of some of
the separation that is contemplated. For example, there are
several paperwork reduction functions that are transferred out
of OMB to this new office, and yet the basic tools for dealing
with red-tape-cutting remain in OMB. So if these bills are
passed, the leadership for cutting red tape is divided between
two agencies, and I think that tends to result in nibbling at
problems rather than reforming government processes.
I think that fragmenting central management
responsibilities inevitably creates unnecessary burdens for the
agencies. Again, this is part of your stovepipe problem that
was mentioned earlier.
I believe this separation not only weakens IT over the long
haul, it weakens other management functions. In my view, the
more we establish organizational barriers among different
fields of management, the less one area will benefit from the
other, the less synergistic value we gain, and the more we
handicap the President and the agencies in modernizing
government.
I would also ask the question if it should be regarded as
necessary to have a freestanding IT unit in the Executive
Office of the President, should we not do the same with respect
to financial management, an extremely important area? What
about procurement? What about program management? Everyone
wants to be independent and report to the President, but in my
view, this is the road to confusion, higher cost, managerial
chaos and, again, stovepipe government.
I do not see the freestanding IT office as having the
capacity to provide the strong leadership that I know Mr.
Davis, and Mr. Turner are seeking. People tend to assume that
any office that reports directly to the President, especially
if they are within the Executive Office of the President, has
muscle, but this is simply not true. I know. I've been there.
In fact, it is difficult for any organization to gain
sustained attention on management issues because there are so
many competing pressures within the Executive Office of the
President. The OMB uses the leverage of the budget to help on
issues directly related to the budget, but other management
issues have great difficulty in competing with the budget
pressures in OMB. A freestanding IT would have not even the
budget leverage.
In discussions about a separate Office of Management which
have taken place in this committee, we've listed a series of
elements of that office which we believe are absolutely
necessary to provide the leverage needed to provide effective
leadership on behalf of the President. I don't see any of those
levers present in this separate IT. Without these levers, an
Office of Management, I think, would not be wise, strongly as I
support the concept. I believe a more narrowly based,
freestanding IT would be even more impotent. Even with a
structure separating these two, there would have to be some
relationship to OMB. But who would coordinate IT and OMB? I
mentioned other problems in my testimony.
Although I do not support a freestanding IT, I do agree
with the sponsors that it is desirable and, very important to
take steps to enhance the IT leadership structure. This is one
of the reasons I support the Office of Management which has
been under consideration by this committee. The OMB leadership
is hard pressed by complex annual budget and economic issues,
and its leadership simply does not have the time to provide the
focus and the energy that IT leadership requires in this day
and age. An Office of Management would provide this leadership
focus. It would provide the integration, and avoid the
fragmentation of an isolated IT office.
In summary, I believe an Office of Management, given the
necessary leverage, would be a much better solution to what I
agree is a need for greater IT leadership capacity. It would
have the leverage and avoid isolating IT from other components
of management leadership. Though I think these bills would have
unfortunate unintended consequences that would run counter to
the intent of the sponsors, I do agree with the sponsors on the
need for change. I just think there's a better way to achieve
their objective. Thank you.
Mr. Horn. Thank you very much.
[The prepared statement of Mr. Ink follows:]
[GRAPHIC] [TIFF OMITTED] T4562.179
[GRAPHIC] [TIFF OMITTED] T4562.180
[GRAPHIC] [TIFF OMITTED] T4562.181
[GRAPHIC] [TIFF OMITTED] T4562.182
[GRAPHIC] [TIFF OMITTED] T4562.183
Mr. Horn. That's very helpful testimony, and I can tell
you've--given the preciseness within your paper, that you've
spent a lot of your life on trying to get to the essence of a
problem. So we're grateful that you've come from various States
where you're now living and giving us some wisdom. So we thank
you.
We now have the questioning. The gentleman from Texas Mr.
Turner, 5 minutes for questioning, and then Mr. Davis.
Mr. Turner. Thank you, Mr. Chairman.
We appreciate the testimony that each of you has given us,
and I think it is apparent to us that every witness on the
panel, perhaps with the exception of Ms. Katzen and Mr. Ink,
have advocated a Federal CIO. We all respect that there is a
clear issue we must correctly address as to how it should be
structured.
That is not to say that we should not address it within the
context of the remarks Mr. Ink made. And I know Mr. Ink has
been an advocate of separating the Office of Management and
Budget into two entities with a Director of the Budget and a
Director of Management, but it does seem that at least as we
look to the private sector, the private sector has recognized
the importance of having a chief CIO who works with the CEO and
the CFO.
I might ask, Mr. Scherlis, if you wouldn't mind commenting
on the CIO in the context of the remarks Mr. Ink made as to
where you think the structure should be in order to perhaps
accommodate the kind of concerns that we just heard expressed
from Mr. Ink, who definitely has a vast experience in the
Federal Government.
Mr. Scherlis. I enjoyed and appreciate his remarks, but I
am unfortunately not familiar with the recommendations that
were voiced here earlier concerning the concept of a separate
Office of Management. But pertinent to the issue is the recent
report released by the President's IT Advisory Committee on
August 31 concerning transforming the government through
information technology. It recommends creation of a new office
within OMB called the Office for Electronic Government [OEG],
with strong senior leadership. Although the concept of the
Federal CIO is not explicit, the recommendations that we're
talking about today are consistent with the recommendations of
that report.
The reason for separating the OEG from the OIRA within OMB
is to create a focus of positive leadership that is separate
from regulation and policy. There are many roles that are now
being bundled together in one organization, and some separation
of those roles is appropriate.
On the basis of comments of Mr. Ink today, I believe that
the recommendations that I've voiced are consistent with his
comments.
Mr. Turner. Mr. Atkinson, do you have an observation here?
Mr. Atkinson. Yes, The major point I would want to stress
after listening to Mr. Ink's comments is that information
technology is fundamentally different. This is to me the
central mission, the central challenge facing the Federal
Government today, and it will be the central challenge for this
decade, just as when we made this last major transformation
from an old economy to a new economy back in the 1930's and
1940's, and we created all new management structures in the
Federal Government. I think this is just as equally a major
transformation. This is about creating a fundamentally new
economy, a digital economy, and it's creating a fundamentally
new type of government.
And I don't think that the existing structure of OMB or
even in the Office of Management is suited to do that because
the key to all of this is digital reinvention, and I think the
core of that has got to be someone who is a CIO, who has that
as their sole mission.
The second point would be I think Mr. Ink mentioned we need
to think beyond IT. I couldn't agree more. We need think beyond
IT. That's why I think the CIO--if the CIO is just a glorified
computer systems manager, then we won't think beyond IT. But if
you think where the States are, most of the States' CIOs, when
you listen to what they have to say, they're the ones that are
arguing--all their language is about cross-cutting
applications, breaking down barriers between bureaucracies and
agencies who don't want to do that. And I think that's why the
CIO is central to making all this happen.
Mr. Turner. Mr. Rummell, I would like to hear your comments
on it. I heard you say at the beginning of your testimony
you've been working in the IT field for 30 years. One of the
things I see lacking today in OMB is anyone with the
background, the experience, the expertise to really move us
forward aggressively in IT, but perhaps you would have some
comments to share on the subject?
Mr. Rummell. First of all, when I started with the Federal
Government of Canada, I went on a whistle-stop tour of the
departments and talked to the heads of the departments and
agencies and the heads of the technology function of the
departments. And I asked them what they were looking for from
me as the new CIO for the government, and they said to me,
leadership. And that surprised me, being in the land of
leaders, because I suspected that all these people were leaders
by themselves, but they really were looking for my leadership.
They also were looking for us to provide the strategic
direction; that was an overall context to take it from a
50,000-foot elevation right down to ground level, and provide
direction with large projects that were in trouble, to provide
for e-government initiatives to coordinate and deliver
services, and from the things that we put into place, we made a
lot of progress. There was a lot of frustration. We really
provided focus, and I think we provided a very solid
operational plan, and I think that's what I was able to
accomplish is that focal point.
Mr. Turner. Thank you.
Mr. McClure, when you look at the existing structure of
OMB, is there anyone there who by education or background is
uniquely qualified to fill this role today or--and I guess I
might ask you is there anyone over there who has that as their
sole responsibility?
Mr. McClure. No. I think that highlights the concerns that
I raised in my testimony, Mr. Turner. The Deputy Director for
Management created by the CFO Act wears many, many hats, both
the Chief Financial Officer, general management functions,
statistical policy, procurement. The list is quite long in
terms of overall management responsibilities of the Deputy
Director for Management.
Similarly in OIRA, the OIRA Administrator is really focused
heavily in terms of resources on information collection
requests, on burden reduction reviews and on calculating the
cost and benefits from Federal regulations. So a lot of the
staff in OIRA are focussed on these issues as opposed to the
IRM or IT issues. So as a result we don't have someone in OMB
full time focused, I would argue, on some of these important IT
issues.
Mr. Turner. Thank you.
Thank you, Mr. Chairman.
Mr. Horn. The gentleman from Virginia Mr. Davis.
Mr. Davis. Thank you. I also want to extend my thanks to
all the panelists.
Mr. McClure, let me go back and ask you a question that I
asked Ms. Katzen earlier. I asked if she could describe the
leadership role that OMB has displayed in the past in
defining--in managing interagency items. I am not just speaking
of money items, but managing IT resources. How do you think OMB
has kept track of those initiatives so that responsive
decisions could be made when projects aren't working and should
be halted or when a new direction should be taken?
Mr. McClure. Mr. Davis, I think since the passage of
Clinger-Cohen, to its credit OMB has certainly stepped up to
the plate with some specific guidance, better guidance in many
areas, for the agencies, in architecture, investment control,
capital planning. We've worked actually with OMB in revising
some of the guidance. I think the question for OMB is how to
use the information that results from that new guidance to make
really tough decisions about stopping, delaying, canceling or
even accelerating good Federal IT programs, and that, I think,
is where the jury is out.
The fortitude of OMB to be able to step up to the plate and
stop projects has not always been clearly demonstrated, in our
opinion.
Mr. Davis. Mr. Flyzik, let me ask you a question. Can you
give me any recommendations that have been made by the CIO
Council that have been implemented by OMB?
Mr. Flyzik. What OMB has been doing with us, sir, is
working to facilitate our recommendations. We do have a whole
list of things that we have moved on, and moved quite quickly
on. We have a whole lineup of interagency activities. The
FirstGov project comes to mind; our public key infrastructure
in the bridge certificate authority that enables digital
signatures to really happen; the Access America series, Access
America for seniors and students. We have a number of wireless
initiatives. We have the Federal Commons Project, the
Enterprise Project. They are supporting us on the concept of
ITPS, or the information technology portfolio system, which
will give us a common platform for building IT portfolios
across government.
The OMB role has evolved to one that I think has been
working well. In the beginning, I guess, the Council went
through kind of a bonding process, trying to figure out who we
are and what we're going to do. I think we've moved over time
into more of a leadership role where OMB is giving us support
to move forward on projects and is listening and working with
us.
Mr. Davis. So as far as information resources management
goes, you think that OMB is handling this, this statutory
authority, is handling it well?
Mr. Flyzik. I think it's evolving well under the guise of
Clinger-Cohen. I do believe we're moving in a very, very
positive direction. OMB is supporting us.
As you're well aware, the Council does not have authority
to issue policy. OMB does. What we do is we've been working
with OMB in situations where we need policy guidance.
Mr. Davis. Right. But can you give me a specific
recommendation that you've made to them?
Mr. Flyzik. We have Internet use policy. We're working on
privacy policy now. We have a dialog ongoing on our Internet
privacy issues and a number of things along those lines.
Mr. Davis. Mr. McClure, do you have any observations on
that?
Mr. McClure. I think, as I said earlier, I agree with Mr.
Flyzik that the role of OMB has changed under the recent
passage of laws. They had tremendous responsibilities for not
only issuing guidance, but also oversight responsibilities for
major IT projects in the Federal Government. So, again, I
return to the point, OMB should not be totally focused on
justification for projects in the Federal budget. It also
should play a role in stepping up and helping control projects
that are out of line in terms of cost, schedule and
performance.
And in that area, again, I think that the track record is
not what we would like to see it to be.
Mr. Davis. Mr. Doll, let me ask you a question: In States
where the CIO has multiple bosses, reports to one or more
cabinet secretaries, what's their experience in achieving an
integrated and coordinated information resources management
policy?
Mr. Doll. Where States' CIOs deal with multiple entities to
get the job done, because of the typically high level, whether
it's to the Governor's staff in addition to some council, or
other entity that controls, again, it's a statewide
implementation and application of technology across the State.
And I think that's truly what the key is, because unless
they're inserted at a level in the organization that's looking
at IT as an entity in a field that helps make vision reality,
then that's where they can have impact.
Most States have put IT up there with human resources,
financial management, administration, services that are used to
make the vision of a Governor happen. And whether that is put
through some committee or some special commission that a
Governor has established or to the Governor directly, it's
really that orientation of saying that to make the vision of
education, whether that may be in a State or make the vision of
economic development happen, that what you're trying to do is
align this information technology world to see that as a
reality.
Mr. Davis. Mr. Atkinson, let me ask you a question: You
make a strong case for the need for a strong centralized leader
to achieve a digital Federal Government. What, in your opinion,
are the flaws in current structure placing IRM responsibilities
with OMB? Ms. Katzen seems to conclude that instead of a
Federal CIO, OMB should have a strengthened role. How do you
respond to that?
Mr. Atkinson. Well, I think a major reason I would say
that, is that I don't think that would achieve what you all are
wanting to achieve and others are wanting to achieve. OMB is
responsible, as Mr. McClure mentioned, for so many other
things. And I don't think it would give the leadership that,
for example, Ms. Katzen provided on the Y2K issue where it is
much broader than that. Let me just mention another example. A
lot of what I think digital government is about frankly is the
details. And let me just mention one--Students.Gov--which is a
portal for students. It's a very good effort, it's a great
effort, and the people who developed it should be commended.
The problem is with Students.Gov, though, it's what other
agencies are doing. For example, in the Department of
Education, they have their own Web site designed around
students. On Students.Gov, you can apply for a student loan
online. On the Department of Education Web site, you can't
apply for a student loan online. There's no link back to
Students.Gov.
I can give you many more examples like that. What I think
they're a reflection of is agencies doing their own thing. Even
when they can get together with a portal like Students.Gov, you
still have agencies doing their own thing. That's why it
requires centralized leadership--will drill down into that
level of detail to make it a much more coordinated system.
Mr. Davis. Thank you very much. Mr. Chairman, I yield back
and thank the panel for their indulgence.
Mr. Horn. I thank the gentleman. And I don't believe the
gentleman from Texas has any more questions. I have just one or
two. And Mr. McClure, I don't want to put you on the hot seat,
but the question is this: Of the two bills being considered,
which one is closest to what you would consider to be a Federal
chief information officer's role, responsibilities and
empowerment as far as GAO feels is their recommendation?
Mr. McClure. The seat is very hot, Mr. Chairman. Especially
with both members present.
Mr. Horn. I don't know how it's going to come out either,
but I thought we'd like your views on it. But you did a great
report there.
Mr. Davis. We're not taking names.
Mr. McClure. I just want to reiterate that both of them
have positive characteristics. There's no reason why things
that are in both bills could not ultimately be combined or
considered together. I think the real question is whether this
position is inside or outside of OMB. That seems to be the
drawing distinction. There are clear advantages for having the
CIO outside of OMB and contained within the executive branch.
Because of many of the reasons that we went over today, it
avoids the problem of multi-hatted responsibilities within the
Office of Management and Budget.
Having said that, it also creates, as many people have
said, tremendous risk in that you're removing that budget lever
from the chief information officer. I don't think that's
necessarily true and it's certainly not true in private sector
and public sector CIOs who do not have budget control either.
They simply have to come to the table and work with those
individuals that have budget control and the two combined can
pull that lever.
And I think that's the attraction that these bills have is
they free up time for somebody to focus full time on such
issues like electronic government and security at a time
desperately where we need that kind of attention. It also
allows them to sit at the table with the Director of OMB and
have some very frank input on some budget directions and budget
control.
So I think, again, I've avoided answering directly, but I
think that's the positives that I see in both bills.
Mr. Horn. Mr. Doll, if I might, let me try this question
out on you, and you probably don't have the answer, but maybe
you do. A number of Governors change every once in a while
based on the election. Have you found that the chief
information officer of a State is carried on by another
Governor, or do they have to sort of be partisan in relation to
the Governor? What's your sort of off-the-top-of-the-head view
of that.
Mr. Doll. Well, to give you a scope, we've lost 16 CIOs
this calendar year for one reason or another. Most going to the
private sector. A number of those tied to the fact that this is
the last year of the Governor's term. So we expect in the
future that you will get this turn over. I think it's critical
that the CIO be aligned to the Governor so that his or her
vision can be carried out. And not someone who as you
mentioned, will be able to sort of pass from administration to
administration. Yes there is value in that, but the rest of the
civil service below that level is typically there year after
year, term after term. The key part to us at least in talking
with my colleagues is making vision reality and applying
information technology to that. And you have to be close and
have the same orientation as that Governor to be successful in
my mind.
Mr. Horn. Mr. Rummell, I really have the same question in
relation to the Canadian Government. When there were turnovers,
did the CIOs in the agencies change or what?
Mr. Rummell. There have been changes, again we've kept the
same government so there haven't been political changes. There
certainly have been no new CIOs appointed or rotated based upon
the changes in the heads of agencies. I guess one of the other
things that we had too, if I could make another comment, that
was a terrific feature started in our government was agency
heads would meet at a committee on information technology
issues. They took a role of very active sponsorship and met at
least once a month for 1 to 2 hours, and discussed cross-
cutting IT initiatives across the agencies and departments and
the Canadian Government, and that really raised the level of
sponsorship for the CIOs and for initiatives that were
providing overall services to the public. So that's where I
think we were also able to make a difference. Thank you.
Mr. Horn. Well, thank you. I want to thank this panel.
Mr. Ink. Mr. Chairman, could I make one rebuttal comment?
Mr. Horn. OK.
Mr. Ink. I think the States provide excellent ideas,
excellent examples in many areas of governmental activity. You
look at welfare reform, for example, they were well ahead of
the Federal Government. And I think in terms of information
technology, as it relates to the delivery services, States have
a lot to offer. But I wanted to tell you there is a tremendous
difference between operations within a Governor's office and
that within the President's office. The leap in terms of
pressures and the difficulty of having a workable base which
will provide the strength for leadership is entirely different.
Look at the West Wing program. I was thinking yesterday about
the daily meetings I used to participate in with the top White
House staff. Had I had responsibilities for only information
technology or only procurement or only financial management, I
wouldn't have been there, much less have had a voice at the
table. Separate IT isolated from these other responsibilities
will not have a voice at the table. Much as people might wish
it otherwise, I think that's the fact of life, that's the way
the President's office functions.
Mr. Horn. Well, we thank you for that. We thank you also
for coming on less than 24 hours' notice. And----
Mr. Ink. Much less.
Mr. Horn. Much less. I think all of your testimony has been
very helpful and I'm grateful to you. I think some of the
charts all of you provided was also very helpful. Staff on both
sides might wish to have some questions sent out to you, and if
you would take some time and give us a couple of answers, we'd
like to put them at this point in the records if there's some
we've missed or there's something you'd like to get on the
record.
But right now I'm going to thank our staff who put all this
together: J. Russell George, staff director, chief council of
the subcommittee; gentleman to my left, your right is Randy
Kaplan, council to the committee, and he's worked on this
particular hearing; and yesterday Ben Ritt, professional staff
member on loan to us from the General Accounting Office, which
always has good people and we're glad to use them; Bonnie
Heald, director of communications; Bryan Sisk, clerk; Elizabeth
Seong, staff assistant; George Fraser, intern; and from Mr.
Turner's staff, Trey Henderson counsel, he's on his right; and
Jean Gosa, minority clerk. And Mr. Davis' staff, Amy Heerink,
we know how good she is on a lot of these things, and Melissa
Wojciak. Then our court reporters are Julie Thomas and Colleen
Lynch, and we thank you very much. And we adjourn the meeting.
[Whereupon, at 12:16 p.m., the subcommittee was adjourned.]
�