[House Hearing, 106 Congress]
[From the U.S. Government Printing Office]





   ESTABLISHING A FEDERAL CIO: INFORMATION TECHNOLOGY MANAGEMENT AND 
                ASSURANCE WITHIN THE FEDERAL GOVERNMENT

=======================================================================

                                HEARING

                               before the

                 SUBCOMMITTEE ON GOVERNMENT MANAGEMENT,
                      INFORMATION, AND TECHNOLOGY

                                 of the

                              COMMITTEE ON
                           GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED SIXTH CONGRESS

                             SECOND SESSION

                               __________

                           SEPTEMBER 12, 2000

                               __________

                           Serial No. 106-261

                               __________

       Printed for the use of the Committee on Government Reform


  Available via the World Wide Web: http://www.gpo.gov/congress/house
                      http://www.house.gov/reform

                   U.S. GOVERNMENT PRINTING OFFICE
74-562                     WASHINGTON : 2001


_______________________________________________________________________
 For sale by the Superintendent of Documents, U.S. Government Printing 
                                 Office
Internet: bookstore.gpo.gov  Phone: (202) 512-1800  Fax: (202) 512-2250
               Mail: Stop SSOP, Washington, DC 20402-0001


                     COMMITTEE ON GOVERNMENT REFORM

                     DAN BURTON, Indiana, Chairman
BENJAMIN A. GILMAN, New York         HENRY A. WAXMAN, California
CONSTANCE A. MORELLA, Maryland       TOM LANTOS, California
CHRISTOPHER SHAYS, Connecticut       ROBERT E. WISE, Jr., West Virginia
ILEANA ROS-LEHTINEN, Florida         MAJOR R. OWENS, New York
JOHN M. McHUGH, New York             EDOLPHUS TOWNS, New York
STEPHEN HORN, California             PAUL E. KANJORSKI, Pennsylvania
JOHN L. MICA, Florida                PATSY T. MINK, Hawaii
THOMAS M. DAVIS, Virginia            CAROLYN B. MALONEY, New York
DAVID M. McINTOSH, Indiana           ELEANOR HOLMES NORTON, Washington, 
MARK E. SOUDER, Indiana                  DC
JOE SCARBOROUGH, Florida             CHAKA FATTAH, Pennsylvania
STEVEN C. LaTOURETTE, Ohio           ELIJAH E. CUMMINGS, Maryland
MARSHALL ``MARK'' SANFORD, South     DENNIS J. KUCINICH, Ohio
    Carolina                         ROD R. BLAGOJEVICH, Illinois
BOB BARR, Georgia                    DANNY K. DAVIS, Illinois
DAN MILLER, Florida                  JOHN F. TIERNEY, Massachusetts
ASA HUTCHINSON, Arkansas             JIM TURNER, Texas
LEE TERRY, Nebraska                  THOMAS H. ALLEN, Maine
JUDY BIGGERT, Illinois               HAROLD E. FORD, Jr., Tennessee
GREG WALDEN, Oregon                  JANICE D. SCHAKOWSKY, Illinois
DOUG OSE, California                             ------
PAUL RYAN, Wisconsin                 BERNARD SANDERS, Vermont 
HELEN CHENOWETH-HAGE, Idaho              (Independent)
DAVID VITTER, Louisiana


                      Kevin Binger, Staff Director
                 Daniel R. Moll, Deputy Staff Director
                     James C. Wilson, Chief Counsel
                        Robert A. Briggs, Clerk
                 Phil Schiliro, Minority Staff Director
                                 ------                                

   Subcommittee on Government Management, Information, and Technology

                   STEPHEN HORN, California, Chairman
JUDY BIGGERT, Illinois               JIM TURNER, Texas
THOMAS M. DAVIS, Virginia            PAUL E. KANJORSKI, Pennsylvania
GREG WALDEN, Oregon                  MAJOR R. OWENS, New York
DOUG OSE, California                 PATSY T. MINK, Hawaii
PAUL RYAN, Wisconsin                 CAROLYN B. MALONEY, New York

                               Ex Officio

DAN BURTON, Indiana                  HENRY A. WAXMAN, California
          J. Russell George, Staff Director and Chief Counsel
                  Ben Ritt, Professional Staff Member
                           Bryan Sisk, Clerk
                    Trey Henderson, Minority Counsel


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on September 12, 2000...............................     1
Statement of:
    Atkinson, Robert D., director, technology & new economy 
      project, Progressive Policy Institute......................   180
    Doll, Otto, Commissioner, Bureau of Information & Technology, 
      State of South Dakota, president, National Association of 
      State Information Resources Executives.....................   129
    Flyzik, Jim, Deputy Assistant Secretary, Information Systems, 
      Chief Information Officer, U.S. Department of the Treasury, 
      vice chairman, Chief Information Officers Council..........   114
    Ink, Dwight, president emeritus, Institute of Public 
      Administration, former Assistant Director for Executive 
      Management, Office of Management and Budget (1969-1973)....   212
    Katzen, Sally, Deputy Director for Management, Office of 
      Management and Budget......................................     6
    McClure, David, Associate Director, Governmentwide and 
      Defense Information Systems, U.S. General Accounting Office    17
    Rummell, Paul E., president and chief executive officer, RLG 
      Netperformance Inc., former chief information officer for 
      the Government of Canada...................................   173
    Scherlis, William L., principal research scientist, School of 
      Computer Science, Carnegie Mellon University...............   210
Letters, statements, etc., submitted for the record by:
    Atkinson, Robert D., director, technology & new economy 
      project, Progressive Policy Institute, report entitled, 
      ``Digital Government, the Next Step to Reengineering the 
      Federal Government,''......................................   183
    Doll, Otto, Commissioner, Bureau of Information & Technology, 
      State of South Dakota, president, National Association of 
      State Information Resources Executives, prepared statement 
      of.........................................................   132
    Flyzik, Jim, Deputy Assistant Secretary, Information Systems, 
      Chief Information Officer, U.S. Department of the Treasury, 
      vice chairman, Chief Information Officers Council, prepared 
      statement of...............................................   118
    Ink, Dwight, president emeritus, Institute of Public 
      Administration, former Assistant Director for Executive 
      Management, Office of Management and Budget (1969-1973), 
      prepared statement of......................................   215
    Katzen, Sally, Deputy Director for Management, Office of 
      Management and Budget, prepared statement of...............    10
    McClure, David, Associate Director, Governmentwide and 
      Defense Information Systems, U.S. General Accounting 
      Office, prepared statement of..............................    19
    Rummell, Paul E., president and chief executive officer, RLG 
      Netperformance Inc., former chief information officer for 
      the Government of Canada, prepared statement of............   175

 
   ESTABLISHING A FEDERAL CIO: INFORMATION TECHNOLOGY MANAGEMENT AND 
                ASSURANCE WITHIN THE FEDERAL GOVERNMENT

                              ----------                              


                      TUESDAY, SEPTEMBER 12, 2000

                  House of Representatives,
Subcommittee on Government Management, Information, 
                                    and Technology,
                            Committee on Government Reform,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 10 a.m., in 
room 2154, Rayburn House Office Building, Hon. Stephen Horn 
(chairman of the subcommittee) presiding.
    Present: Representatives Horn, Davis, and Turner.
    Staff present: J. Russell George, staff director/chief 
counsel; Randall Kaplan, counsel; Ben Ritt, professional staff 
member (GAO); Bonnie Heald, director of communications; Bryan 
Sisk, clerk; Elizabeth Seong, staff assistant; George Fraser, 
intern; Trey Henderson, minority counsel; and Jean Gosa, 
minority assistant clerk.
    Mr. Horn. A quorum being present, this hearing of the 
Subcommittee on Government Management, Information, and 
Technology will come to order.
    While we're having you all stand why don't we take the oath 
of office, as you know, for your testimony.
    [Witnesses sworn.]
    Mr. Horn. The clerk will note that all of the witnesses 
have affirmed the oath.
    I'll now make an opening statement, followed by the ranking 
member, the gentleman from Texas, Mr. Turner; and then we'll go 
down the line.
    I might say to you what we said to the witnesses yesterday, 
you put wonderful statements in before us. We and the staff 
have had a chance to read it; and we're very grateful to you 
for--especially some of the ones that are out of town here. I 
think with the CIOs at the States that was very useful 
information. But we'd like you to summarize it in 5 minutes. 
Because what we want is a dialog here between the Members and 
between you. That way we get the best information out of it. So 
try to think about what are your key points after we start the 
opening statement.
    Yesterday, this subcommittee examined the government's 
efforts to protect its computers and the sensitive information 
they contain. We heard testimony from the General Accounting 
Office that widespread deficiencies in computer security exists 
at a large number of Federal departments and agencies. Some of 
the problems include poor implementation of policy and 
procedures and the lack of a coordinated security program among 
the departments and agencies.
    Within recent memory two government agencies, the Federal 
Aviation Administration and the Internal Revenue Service, 
wasted more than $7 billion on huge new computer systems that 
were ultimately scrapped because they could not deliver the 
services that it promised. Taxpayers cannot afford to have 
those management mistakes and the flagrant losses repeated.
    We will examine two bills today that would establish a 
Federal Chief Information Officer and centralize management of 
the government's vast information resources: H.R. 4670, 
introduced by the subcommittee's ranking minority member, 
Representative Jim Turner of Texas; and H.R. 5024, introduced 
by subcommittee member Representative Tom Davis from Virginia.
    I look forward to learning more about both proposals, and 
I'd like to welcome our witnesses today and look forward to 
their testimony.
    I now yield time for an opening statement from the 
gentleman from Texas, Mr. Turner.
    Mr. Turner. Thank you, Mr. Chairman. I want to thank you 
for allowing us to have this hearing on this issue that I think 
is of utmost importance.
    The information technology revolution of the last decade 
has had, as we all know, a profound impact on almost all 
aspects of our society. While the private sector has been quick 
to capitalize on the new opportunities created by the digital 
revolution, it is widely acknowledged that the Federal 
Government is behind the curve. The fact is, information 
technology offers as much to our government as it does to the 
private business. Among other advantages, it will allow us to 
literally put government at the fingertips of our citizens. A 
working e-government will mean that citizens can finally go 
online quickly and easily, instead of spending hours standing 
in long lines or waiting on hold to get the answers they need 
from government.
    E-government can make government more customer friendly 
and, if we do it right, more cost-effective, saving millions of 
dollars for our taxpayers.
    The information technology revolution also presents the 
Federal Government with one of the greatest management 
challenges we have ever seen. There is no doubt, however, that 
here in Washington we can misspend large amounts of money in 
incorrectly addressing the challenge. Just yesterday this 
subcommittee held a hearing on computer security, and numerous 
witnesses stressed the need to have cross-agency initiatives 
put in place rather than rely on each separate agency to 
duplicate the investment in finding solutions.
    With the enactment of the Clinger-Cohen Act in 1996, all 
individual Federal agencies have a CIO, but the Federal 
Government as a whole does not. As the individuals responsible 
for providing information technology advice and policy 
recommendations, developing and facilitating information 
systems as well as evaluating and assessing those systems, the 
Federal Chief Information Officers play an essential role in 
fostering a digital government. The role of the agency CIOs has 
been very positive. However, because of a lack of central 
authority and funding, there is little agency coordination when 
it comes to establishing crosscutting digital government 
applications.
    We hear a lot today about the digital divide. In the 
Federal Government there is a different kind of digital divide 
where each separate agency pursues the application of 
information technology without the benefit of significant 
government wide leadership.
    In an effort to close the Federal Government's digital 
divide I've introduced H.R. 4670, which would create a 
framework for a Federal Chief Information Officer located in 
the Executive Office of the President. The position would 
report directly to the President and direct the process of 
developing an aggressive digital government conversion plan. He 
or she would have a small staff and a budget independent of 
individual agencies to help drive the next generation of 
digital government, much of it involving cross-agency 
applications.
    The Federal CIO would also take the lead in shaping the 
administration's policy regarding the Internet and computer 
security. The Federal CIO would select the best ideas for e-
government, develop pilot programs and test them in selected 
agencies and establish priorities for the application of 
information technology to improve government. The Federal CIO 
would be the lead coordinator to forge stronger digital 
partnerships with State and local governments.
    I commend the chairman for having this hearing; and I 
commend my colleague, Tom Davis of Virginia, who has introduced 
his own bill on this topic.
    I realize that there are issues surrounding where the 
Federal CIO will be located and what specific statutory 
authority he or she may be given. This discussion requires 
careful consideration of the current statutory responsibility 
of the Office of Management and Budget and an analysis of the 
current role of the OMB's Deputy Director for Management, who's 
here today. We appreciate the good work and input that Ms. 
Katzen has given us and OMB's Office of Information and 
Regulatory Affairs.
    OMB's budget and oversight role over all executive 
functions clearly includes information technology, and it is 
not my intent to fail to acknowledge the fine work the office 
has done. Rather, with this legislation I seek to enhance the 
capability for leadership and the effective and timely 
application of information technology to government.
    There are several points that I believe are essential to 
the success of a Federal CIO. These include a high-profile 
leadership role to elevate the visibility and focus of 
information technology and who reports directly to the 
President.
    Second, the establishment of a good working relationship 
with OMB and the Federal agency CIOs.
    And, third, direct access to funds to ensure the capability 
to carry out meaningful initiatives.
    This hearing affords the first opportunity in this Congress 
to consider the concept of a Federal CIO. Both Presidential 
candidates have publicly expressed their support for a new 
position with a defined focus on e-government. This is clearly 
an idea whose time has come. It is my hope that this hearing 
will move us forward on this idea, solidify our resolve to 
maximize the potential of information technology in government 
and more clearly define the structure that this position should 
take to maximize its effectiveness.
    In government, we have a clear need to meet the challenge 
of the digital age. It is not just a matter of resolving 
conflict; it is a question of whether or not we will take 
advantage of the phenomenal growth of information technology, 
whether we will make dot-gov as commonplace as dot-com.
    Again, I commend the chairman for the opportunity to have 
this hearing, and I look forward to hearing from each of our 
witnesses.
    Mr. Horn. I thank the gentleman and now yield opening time 
for the gentleman from Virginia, Mr. Davis, who has another 
proposal in this area; and I'd like him to expand on that now.
    Mr. Davis. Thank you. Mr. Chairman, I want to, first, thank 
you for your responsiveness in holding this hearing today to 
examine the merits of establishing a Chief Information Officer 
for the Federal Government based on proposals introduced by 
both myself and my colleague Mr. Turner.
    I also want to express my deep appreciation to our ranking 
member for his foresight in focusing on an issue which I 
believe is critical to improving the ability of government to 
be an efficient user, coordinator, manager, disseminator and 
protector of information resources, particularly with respect 
to information technology.
    I'll spend my few minutes highlighting the dominant themes 
which shaped my proposal, the Federal Information Policy Act, 
to create a Federal CIO who is vested with the primary 
authority to coordinate information resources management within 
and amongst all Federal agencies, including the implementation 
of effective, mandatory controls over government information 
security through a new Director of Information Security and 
Technical Protection.
    A decade ago, technology stood as one of many factors 
important to the mission and performance objectives of the 
Federal Government. But no longer is technology one of many. 
Instead, the Information Revolution and the ever-evolving 
technologies that support its collection, assimilation and 
communication have become integral to the functioning of our 
government. The past 5 years alone are testimony to a 
remarkably fast-paced change in the ability of Americans to 
communicate and access information through the personal 
computer and the Internet.
    It's the responsibility of the Federal Government to adapt 
its institutional processes of the old age to the new economy 
and become a national model for information resources 
management and information security practices through the 
acquisition and use of information technology.
    The current processes appear to lack a focused, 
coordinating body to implement effective IRM policies and 
develop a common strategy for interagency efficiency and 
cooperation. Although the Office of Management and Budget has 
responsibility for information resources management 
governmentwide, I'm deeply concerned that OMB, through the 
Office of Information Regulatory Affairs, is simply unable to 
devote the attention needed for carrying out effective 
information resources management as directed under current law. 
For instance, in July 1998, the General Accounting Office 
[GAO], examined two of the IRM-related responsibilities 
assigned to OMB in the Paperwork Reduction Act and delegated to 
OIRA but found that OIRA had not satisfied either of them. 
Those responsibilities were developing a governmentwide IRM 
plan and periodically reviewing a selected agency's IRM 
activities. And last year the GAO found that improvements in 
broad IT management reforms will be difficult to achieve 
without effective agency leadership, highly qualified and 
experienced CIOs and effective OMB leadership and oversight.
    If we can't get the management of our information resources 
in order, how are we ever going to be able to implement the 
electronic government initiatives supported by this 
subcommittee and the Congress, as well as by the 
administration, that will allow American citizens to 
communicate more easily with their government?
    A critical component of protecting information resources is 
the governmentwide coordination and implementation of proven 
information security practices. Currently, responsibility for 
overseeing computer security procedures and reviews is handled 
by a number of agencies including OMB, the National Institute 
of Standards and Technology, the General Services 
Administration, and the National Security Agency. 
Notwithstanding the number of agencies involved in various 
aspects of information security, there is an abundance of 
evidence highlighting the vulnerabilities of Federal computer 
systems in both internal and external intrusions.
    First and foremost is the portrait that emerged as a result 
of the subcommittee's hearing yesterday in computer security in 
which the Federal Government received an overall grade of D 
minus. As well, at a March 29th hearing, GAO cited earlier 
findings that 22 of the largest Federal agencies were providing 
inadequate protection for critical Federal operations and 
assets from computer-based attacks. GAO reported that within 
the past year it was able to identify systemic weaknesses in 
the information security practices of the Department of 
Defense, the National Aeronautics and Space Administration, 
Department of State, and the Department of Veterans Affairs. In 
each instance sensitive data and/or mission-critical systems 
were penetrated by unauthorized users.
    In early August, the Washington Post reported that the 
State Department had to warn its employees about downloading 
large MP3 sound files on their workstations and the, ``adverse 
effect on the networks as these files enter the e-mail 
system.'' Part of the best information security practices is 
endowing your employees with the necessary awareness of methods 
for security intrusions, such as downloading unknown files and 
introducing them into a computer network.
    Two days later, in discussing the persistent threat of 
computer hackers to the Department of Defense, the Washington 
Post reported that it is highly--it was highly probable that at 
least some of the 22,000 attacks last year were mounted by 
foreigners probing U.S. security gaps. These facts alone prompt 
serious concerns about the integrity of the most basic access 
controls for Federal information systems.
    Mr. Turner and I have established a strong basis for 
working together with the members of the subcommittee, the 
administration, and the private sector to secure the ability of 
our Federal Government to better manage its information 
resources and fully utilize information technology to better 
serve American citizens. Our legislation is similar in that 
each bill gives the CIO top-level authority and direct access 
to the President and also codifies the CIO Council.
    While Mr. Turner's bill envisions the Federal CIO as acting 
as an advisor, resource and visionary for information 
technology management, my legislation goes several steps beyond 
and further encompasses all the information resources 
management functions that rely on IT and which are critical to 
building a government that can serve its citizens in a 
digitally driven world.
    The Federal Government is fast falling behind the curve, 
and I strongly believe that establishing an empowered CIO is 
essential to achieving that goal.
    I want to welcome our panel of witnesses today and look 
forward to hearing their perspectives and suggestions for 
succeeding in making the Federal Government a leader and 
innovator in the management, promotion and protection of 
government information systems. Thank you.
    Mr. Horn. We thank you.
    We now move toward our witnesses.
    The first witness will be the Honorable Sally Katzen, the 
Deputy Director for Management, Office of Management and 
Budget. We'll give the administration 2 extra minutes as a 
matter of reciprocity and curtesy. So we're glad to see you 
here.

  STATEMENT OF SALLY KATZEN, DEPUTY DIRECTOR FOR MANAGEMENT, 
                OFFICE OF MANAGEMENT AND BUDGET

    Ms. Katzen. I'm glad to be here. I'm delighted to be here. 
I have waited a long time for the opportunity to return to 
testify before you and, as in the past, you've picked a great 
issue to focus on.
    As Mr. Turner noted, there is no doubt that IT plays a 
fundamental role in our endeavor to create a government that's 
more accessible and more responsive to the public. Nor is there 
any doubt about the other types of advantages that IT can 
bring. It can also bring significant challenges such as 
security and privacy and accessibility.
    So today the questions of how to manage and fund Federal 
information technology enterprise are among the most critical 
facing Federal managers. And unlike the Y2K problem, which is 
the background for suggestions, from some people at least, 
about a Federal CIO, dimensions of information policy and 
technology oversight responsibilities are ever-expanding and 
involve every aspect of the government's operations--or at 
least they should involve every aspect of the government's 
operations.
    Now in my written testimony I devote many pages to the 
administration's record of managing the IT effort, and I won't 
repeat that here. I do want to make three observations.
    One, while we do not have someone with the title Federal 
CIO, many if not all of the responsibilities identified have 
been carried out through OMB, through the Office of the DDM, 
through the Office of the Administrator of the Office of 
Information and Regulatory Affairs; and I think we've done a 
very good job.
    Over the last 7\1/2\ years, we--with support from the 
President and the Vice President, we have focused on what have 
been the most important issues at the time. The early part of 
the decade we were focusing on systems, and the FAA and the IRS 
that the chairman cited have been turned around as we focus on 
customer off-the-shelf types of things, modular development, 
``Raines rules'' that we have been using.
    We then turned our attention, as this subcommittee well 
knows, to Y2K. And despite initial concerns that we would never 
meet the date change and some very bad grades on report cards, 
we were highly successful in that effort with your help and 
with the help of others.
    And, finally, we have turned in the last year to focus on 
some of the other issues, the paramount one being e-government 
but also computer security. Capital planning, data sharing are 
subjects which we will probably come up with.
    The second point is while I think we have been very 
successful we have done a lousy job of communicating how much 
progress we've made. People are often surprised when they make 
a suggestion and learn we're already doing it. I listen to some 
of the things that have been cited as we need to do and I think 
to myself, we are doing it. We're just not being very effective 
in telling people about it. Whether it's management tools like 
sharing savings, whether it's spacial types of data, the 
FirstGov, the digital signatures, and indeed the CIO Council, 
which you'll hear more from Mr. Flyzik, every agency is not 
reinventing the wheel. We have an effective forum for sharing 
best practices and carrying forward. We are not doing a very 
good job of telling people about it.
    And the third point that I'd like to make is that our 
success is due not only to leadership from the top, and I'm 
referring here to the President and Vice President, and from 
leadership from the Congress, and your committee has been 
outstanding in that regard, but also because of the hard work 
of the many people at the agencies and their leaders who 
understand how IT fits into their mission and programs to 
provide a better and more effective government. This was a 
salient fact of Clinger-Cohen which gave the agency head 
responsibility for investment decisions of IT because they know 
how IT fits with their missions.
    Now, with respect to the subject of this hearing, everybody 
agrees on the importance of promoting and managing Federal IT; 
and everyone agrees that there should be a higher level of 
visibility and a more enhanced effort. There are different 
views about how to get the job done.
    As the chairman mentioned, one that has some currency now 
is to enact legislation that would create a new Federal CIO. As 
my testimony indicates, I think the real questions go to what 
the leaders of the Federal IT enterprise should do and how they 
should do it.
    I thought Mr. Turner asked all the right questions. I hope 
we'll have a chance later to start explaining what it is that 
we are doing in that area.
    But because IT is integral to every operation of 
government, we think IT leadership must be part and parcel of 
the government's budget and program decisionmaking process. In 
other words, the strategic management of Federal IT resources 
should not be separated from other management and budget 
concerns. It must be integrated. It is imperative, we believe, 
that officials with accountability for IT have direct influence 
over the spending and execution of IT investments.
    Severing the tie between responsibility for oversight of IT 
and budgeting for IT would undermine both and retard the 
progress that both the Congress and the executive branch 
recognize as essential. Indeed, separating the Office of 
Management and Budget from the management and budgeting for 
Federal IT is like taking the oranges out of orange juice. 
What's left is drinkable, but it's neither tasty nor 
nutritious. OMB's strength is its governmentwide authority, 
combined with expertise in individual agency mission budgets 
and programs. We set policy governmentwide and oversee 
implementation on a case-by-case basis. This is our strength. 
We are urged to play our strength.
    I cannot emphasize enough how important this function is at 
OMB. The OMB Director devotes significant time to IT management 
issues, and his leadership has energized our efforts. OMB also 
deals with critical information policy issues such as access 
dissemination in FOIA as well as computer security and privacy. 
The DDM manages these efforts both within OMB and across the 
government.
    The DDM has strong support from the OIRA administrator. As 
a former Administrator of OIRA, I can tell you how important 
and significant a component that is. Now we recognize there 
could well be enhanced efforts for OMB to promote and lead 
agency IT efforts. We have started this effort, and we welcome 
a dialog with this committee and with others here at the table 
as to what we should be doing to improve our efforts.
    Mr. Chairman, as I noted in my testimony at the end, I 
offer these views based on 6 years experience of managing 
information technology in the Federal Government but also in 
recognition that we're only 2 months before an election and 5 
months before a transition to a new President. As Mr. Turner 
mentioned, both major candidates have made Federal IT an 
important program in their agendas and both share your goal and 
ours of continually looking at ways to improve Federal IT 
management.
    The two bills you've asked me to comment on both speak to 
what is essentially a management issue: How to organize 
oversight of the government's most important function. And I 
suggest that legislation now would only tie the new President's 
hands. We ought to give the new administration an opportunity 
to consider the approaches in these two bills and other 
approaches to IT and management and give us their 
recommendations before any action is taken.
    Again, I join those who recognize and applaud this 
committee's interest in how government manages and uses IT. We 
think that hearings such as this are extraordinarily helpful to 
keep us all focused on how best to achieve those goals. We have 
full confidence that this partnership will ensure that the next 
administration can build on our progress to deliver the 
American people the quality of
government they expect.
    Thank you very much, Mr. Chairman.
    Mr. Horn. We thank you for your diligence and are glad to 
see you back doing all this.
    [The prepared statement of Ms. Katzen follows:]

    [GRAPHIC] [TIFF OMITTED] T4562.001
    
    [GRAPHIC] [TIFF OMITTED] T4562.002
    
    [GRAPHIC] [TIFF OMITTED] T4562.003
    
    [GRAPHIC] [TIFF OMITTED] T4562.004
    
    [GRAPHIC] [TIFF OMITTED] T4562.005
    
    [GRAPHIC] [TIFF OMITTED] T4562.006
    
    [GRAPHIC] [TIFF OMITTED] T4562.007
    
    Mr. Horn. David McClure is the Associate Director, 
Governmentwide and Defense Information Systems for the U.S. 
General Accounting Office, part of the legislative branch. Mr. 
McClure.

STATEMENT OF DAVID McCLURE, ASSOCIATE DIRECTOR, GOVERNMENTWIDE 
AND DEFENSE INFORMATION SYSTEMS, U.S. GENERAL ACCOUNTING OFFICE

    Mr. McClure. Good morning Mr. Chairman. Mr. Turner, Mr. 
Davis, pleasure to be here.
    I really want to cover three crucial points concerning this 
topic of the Federal CIO this morning and expand on them 
briefly.
    First, I think sustained and focused central leadership for 
information technology management is essential for the Federal 
Government. It should enhance and not constrain similar IT 
leadership and accountability in the Federal agencies.
    Second, the form and the structure of the CIO position 
should follow closely to the functions that you expect the 
office to perform.
    And, third, the two legislative proposals before the 
Congress offer two distinctively different approaches for 
elevating the visibility and focus of Federal information 
management and technology. Each proposal has its benefits, but 
each also will face implementation challenges.
    Let me expand on each of these points briefly.
    First is the need for established and focused central 
leadership. Increasingly, Federal information management and 
technology challenges are multidimensional, and they're 
horizontal in nature. They cut across traditional program and 
agency lines.
    As noted in the report that we're issuing today to you, Mr. 
Chairman, on management lessons learned from Y2K, a Federal CIO 
could be instrumental in focusing on actions that go beyond 
those traditional boundaries. This necessitates governmentwide 
oversight, interagency collaboration and funding, and 
cooperation with State governments, local governments, and the 
private sector.
    Today's critical IT issues, including IT management issues, 
security, critical infrastructure protection, electronic 
government, and IT human capital really all require tightly 
focused, constant governmentwide leadership and direction. It's 
for that reason we support the creation of a Federal CIO today, 
just as we did during the deliberations of the Clinger-Cohen 
Act in 1995.
    Agency leaders and agency CIOs should be held accountable 
for their IT missions within their own agencies. But a Federal 
CIO can bring a lot to the table. He or she could identify and 
set the agenda for governmentwide policy issues needing 
attention; he or she could focus on established priorities in 
ensuring that related efforts are complementary rather than 
duplicative of each other; and the national CIO could direct 
the attention and resources to consolidating interagency 
governmentwide process through shared information technology 
assets.
    My second point relates to the critical need for the 
Federal CIO position to be structured for success. We've done 
research on successful CIOs in both the public and the private 
sector. The trend for these positions is--especially in the 
government--is for the CIOs to have governmentwide 
responsibilities. In creating this position there are two 
critical success factors that are paramount: First, top level 
political support and attention to IT management; and, second, 
clear roles, responsibilities, accountabilities and sufficient 
stature to maximize CIO impact and success.
    My third point involves the distinctively different models 
for a Federal CIO presented by these two legislative proposals. 
Let me point out, however, that they do have similarities. For 
example, they both make the Federal CIO a Presidential 
appointee who reports directly to the President with cabinet 
level status. The high visibility afforded to this position 
should not be underestimated. It is a clear critical success 
factor for all CIOs in any organizations. Both bills also leave 
intact OMB's role and responsibility to review and ultimately 
approve agencies' budgets for inclusion in the President's 
submission.
    Additionally, both bills establish the CIO Council and 
statute and we believe there are tremendous benefits in doing 
so.
    The chief differences between these two bills lie mainly 
with the scope, the role, the responsibilities of the CIO. Mr. 
Davis' bill vests the Federal CIO with policy guidance and 
oversight responsibilities that currently reside with OMB. This 
would create a single central focus for information, management 
and technology. And the multitude of the duties associated with 
the DDM position in OMB and the regulatory burden and paperwork 
reduction performed by OIRA really limit the ability of OMB to 
provide full-time focus and attention to the government's 
pressing IT problems.
    So to sum up, let me reiterate a point that is made in Ms. 
Katzen's written statement. There is clearly no consensus if 
the Federal community on the need for a Federal CIO. I think 
that can be attributable to the uncertainty about the details 
regarding how the position would be created, its role, its 
authority, its responsibility. Still we believe there's a clear 
need for focused central leadership to increase the 
government's ability to use information resources at its 
disposal effectively, securely and with the best service to the 
American people.
    Thank you, Mr. Chairman.
    [The prepared statement of Mr. McClure follows:]

    [GRAPHIC] [TIFF OMITTED] T4562.008
    
    [GRAPHIC] [TIFF OMITTED] T4562.009
    
    [GRAPHIC] [TIFF OMITTED] T4562.010
    
    [GRAPHIC] [TIFF OMITTED] T4562.011
    
    [GRAPHIC] [TIFF OMITTED] T4562.012
    
    [GRAPHIC] [TIFF OMITTED] T4562.013
    
    [GRAPHIC] [TIFF OMITTED] T4562.014
    
    [GRAPHIC] [TIFF OMITTED] T4562.015
    
    [GRAPHIC] [TIFF OMITTED] T4562.016
    
    [GRAPHIC] [TIFF OMITTED] T4562.017
    
    [GRAPHIC] [TIFF OMITTED] T4562.018
    
    [GRAPHIC] [TIFF OMITTED] T4562.019
    
    [GRAPHIC] [TIFF OMITTED] T4562.020
    
    [GRAPHIC] [TIFF OMITTED] T4562.021
    
    [GRAPHIC] [TIFF OMITTED] T4562.022
    
    [GRAPHIC] [TIFF OMITTED] T4562.023
    
    [GRAPHIC] [TIFF OMITTED] T4562.024
    
    [GRAPHIC] [TIFF OMITTED] T4562.025
    
    [GRAPHIC] [TIFF OMITTED] T4562.026
    
    [GRAPHIC] [TIFF OMITTED] T4562.027
    
    [GRAPHIC] [TIFF OMITTED] T4562.028
    
    [GRAPHIC] [TIFF OMITTED] T4562.029
    
    [GRAPHIC] [TIFF OMITTED] T4562.030
    
    [GRAPHIC] [TIFF OMITTED] T4562.031
    
    [GRAPHIC] [TIFF OMITTED] T4562.032
    
    [GRAPHIC] [TIFF OMITTED] T4562.033
    
    [GRAPHIC] [TIFF OMITTED] T4562.034
    
    [GRAPHIC] [TIFF OMITTED] T4562.035
    
    [GRAPHIC] [TIFF OMITTED] T4562.036
    
    [GRAPHIC] [TIFF OMITTED] T4562.037
    
    [GRAPHIC] [TIFF OMITTED] T4562.038
    
    [GRAPHIC] [TIFF OMITTED] T4562.039
    
    [GRAPHIC] [TIFF OMITTED] T4562.040
    
    [GRAPHIC] [TIFF OMITTED] T4562.041
    
    [GRAPHIC] [TIFF OMITTED] T4562.042
    
    [GRAPHIC] [TIFF OMITTED] T4562.043
    
    [GRAPHIC] [TIFF OMITTED] T4562.044
    
    [GRAPHIC] [TIFF OMITTED] T4562.045
    
    [GRAPHIC] [TIFF OMITTED] T4562.046
    
    [GRAPHIC] [TIFF OMITTED] T4562.047
    
    [GRAPHIC] [TIFF OMITTED] T4562.048
    
    [GRAPHIC] [TIFF OMITTED] T4562.049
    
    [GRAPHIC] [TIFF OMITTED] T4562.050
    
    [GRAPHIC] [TIFF OMITTED] T4562.051
    
    [GRAPHIC] [TIFF OMITTED] T4562.052
    
    [GRAPHIC] [TIFF OMITTED] T4562.053
    
    [GRAPHIC] [TIFF OMITTED] T4562.054
    
    [GRAPHIC] [TIFF OMITTED] T4562.055
    
    [GRAPHIC] [TIFF OMITTED] T4562.056
    
    [GRAPHIC] [TIFF OMITTED] T4562.057
    
    [GRAPHIC] [TIFF OMITTED] T4562.058
    
    [GRAPHIC] [TIFF OMITTED] T4562.059
    
    [GRAPHIC] [TIFF OMITTED] T4562.060
    
    [GRAPHIC] [TIFF OMITTED] T4562.061
    
    [GRAPHIC] [TIFF OMITTED] T4562.062
    
    [GRAPHIC] [TIFF OMITTED] T4562.063
    
    [GRAPHIC] [TIFF OMITTED] T4562.064
    
    [GRAPHIC] [TIFF OMITTED] T4562.065
    
    [GRAPHIC] [TIFF OMITTED] T4562.066
    
    [GRAPHIC] [TIFF OMITTED] T4562.067
    
    [GRAPHIC] [TIFF OMITTED] T4562.068
    
    [GRAPHIC] [TIFF OMITTED] T4562.069
    
    [GRAPHIC] [TIFF OMITTED] T4562.070
    
    [GRAPHIC] [TIFF OMITTED] T4562.071
    
    [GRAPHIC] [TIFF OMITTED] T4562.072
    
    [GRAPHIC] [TIFF OMITTED] T4562.073
    
    [GRAPHIC] [TIFF OMITTED] T4562.074
    
    [GRAPHIC] [TIFF OMITTED] T4562.075
    
    [GRAPHIC] [TIFF OMITTED] T4562.076
    
    [GRAPHIC] [TIFF OMITTED] T4562.077
    
    [GRAPHIC] [TIFF OMITTED] T4562.078
    
    [GRAPHIC] [TIFF OMITTED] T4562.079
    
    [GRAPHIC] [TIFF OMITTED] T4562.080
    
    [GRAPHIC] [TIFF OMITTED] T4562.081
    
    [GRAPHIC] [TIFF OMITTED] T4562.082
    
    [GRAPHIC] [TIFF OMITTED] T4562.083
    
    [GRAPHIC] [TIFF OMITTED] T4562.084
    
    [GRAPHIC] [TIFF OMITTED] T4562.085
    
    [GRAPHIC] [TIFF OMITTED] T4562.086
    
    [GRAPHIC] [TIFF OMITTED] T4562.087
    
    [GRAPHIC] [TIFF OMITTED] T4562.088
    
    [GRAPHIC] [TIFF OMITTED] T4562.089
    
    [GRAPHIC] [TIFF OMITTED] T4562.090
    
    [GRAPHIC] [TIFF OMITTED] T4562.091
    
    [GRAPHIC] [TIFF OMITTED] T4562.092
    
    [GRAPHIC] [TIFF OMITTED] T4562.093
    
    [GRAPHIC] [TIFF OMITTED] T4562.094
    
    [GRAPHIC] [TIFF OMITTED] T4562.095
    
    [GRAPHIC] [TIFF OMITTED] T4562.096
    
    [GRAPHIC] [TIFF OMITTED] T4562.097
    
    [GRAPHIC] [TIFF OMITTED] T4562.098
    
    [GRAPHIC] [TIFF OMITTED] T4562.099
    
    [GRAPHIC] [TIFF OMITTED] T4562.100
    
    [GRAPHIC] [TIFF OMITTED] T4562.101
    
    [GRAPHIC] [TIFF OMITTED] T4562.102
    
    Mr. Horn. We thank you very much for the usual fine 
analysis by the General Accounting Office.
    We now move to Mr. Jim Flyzik, the Deputy Assistant 
Secretary, Information Systems and the Chief Information 
Officer for the Department of the Treasury, and he's here in 
that role as well as being vice chairman, Chief Information 
Officers Council. And we are particularly interested through 
you as to the views the Chief Information Officers have on 
these matters.
    Mr. Flyzik.

     STATEMENT OF JIM FLYZIK, DEPUTY ASSISTANT SECRETARY, 
INFORMATION SYSTEMS, CHIEF INFORMATION OFFICER, U.S. DEPARTMENT 
  OF THE TREASURY, VICE CHAIRMAN, CHIEF INFORMATION OFFICERS 
                            COUNCIL

    Mr. Flyzik. Thank you, Mr. Chairman, Mr. Turner, Mr. Davis, 
and members of the subcommittee. I appreciate the opportunity 
to appear today to discuss the concept of a Federal Chief 
Information Officer. I would like to first thank the chairman 
and the other members of the subcommittee for your continued 
support and interest in the improvement of information 
technology performance and accountability in the Federal 
Government.
    I have served as the vice chair of the Federal CIO Council 
since 1998, where I play a key role in the direction of 
information technology for the Federal Government. In 
performing my jobs, I have witnessed the growth of online 
services changing the way customers expect to interact with 
their government. Citizens now want to use technology to access 
the government and its services at a time and a location that 
is convenient to them. It is no longer acceptable to have a 9 
by 5 government. Kiosks, the Internet and voice technologies 
are just a few examples of the many technologies that exist to 
provide a fully interactive government to our citizens based on 
their terms.
    Due to factors including the Clinger-Cohen legislation, the 
work of the Federal CIO Council, the year 2000 success and the 
growth of the Internet and e-commerce, the role of the Federal 
CIO is progressing into a peer with senior management. I 
appeared before this subcommittee in March to discuss the 
differences in the role of a CIO in the public and private 
sectors. Attention is now turning to the future potential and 
growth of Federal CIOs. One option under discussion is creation 
of a new Federal CIO within the Executive Office of the 
President.
    In regard to this question, the subcommittee presented me 
with six questions which I would like to briefly address. 
Should there be a Federal CIO and, if so, how should it assist 
the Federal Government in managing information technology? The 
attention and debate now surrounding this question is quite 
timely. As we progress to a new administration we must envision 
the government in an interconnected digital world. My opinion 
of whether a new position of Federal CIO is a good idea would 
depend on how the position would be implemented and empowered. 
A major constraint to the pace of IT advancement in government 
has been the skirmishes over centralization versus 
decentralization, not lack of capability.
    As vice chair of the CIO Council I believe that many 
government programs that share common elements or information 
could be vastly improved with stronger authority to enforce 
interagency and intergovernmental cooperation. We need to tear 
down stovepipes and obsolete hierarchical structures. The 
Internet knows no such structures or boundaries.
    Mr. Horn. Could I just interject for a minute because I've 
heard the term yesterday and today, and would you explain to 
everybody what a stovepipe approach is?
    Mr. Flyzik. Yes, sir. In traditional ways that stoves 
worked in homes in the past, you would have various pipes going 
out that all were independent of one another with no 
coordination. So when we talk about stovepipes we view our 
agencies working independently without cooperating or toward 
one common goal.
    Mr. Horn. Well, now that we have a definition every one 
that comes up from the administration will have a little 
asterisk put by their name as the Flyzik view of stovepipes. It 
will be put in all hearings.
    Mr. Flyzik. Thank you so much, sir. It's nice to know I 
have a legacy here.
    Mr. Horn. We try to provide those little services.
    Mr. Flyzik. The oversight could continue to be in the form 
of the OMB Deputy Director for Management or it could be 
another option like a new Federal CIO or a more empowered CIO 
Council. Any new leadership position in this area should have 
authority to work through the Director of OMB to control IT 
resources, IT budgets and spending. The centralized leadership 
can assist the government in managing its use of information 
technology and, like the Deputy Director of Management does 
today, assist the administration efforts to advise the 
President on matters relating to IT, build a vision for IT in 
the Federal sector, create opportunities and partnerships with 
the academic and private sector, set the direction for critical 
IT areas to cross agency boundaries such as interactive 
government and security, privacy and critical infrastructure 
protection and, importantly, enforce a Federal enterprize 
architecture and, most importantly, see government programs 
functionally from the point of view of the customer, not any 
specific agency. We can and should build on this framework.
    Where should the position be located? As the Deputy 
Director of Management today, any enhanced central authority 
over interagency IT initiatives needs to be located within the 
Executive Office of the President. Progress and success will 
require buy-in from agency heads; therefore, the function needs 
to be performed at a level that can deal with cabinet officers.
    How should it be empowered? Stronger empowerment requires 
actual authority in a budget to initiate and oversee the 
direction and funding of IT initiatives that affect more than 
one agency. A new staff position with primary duties to chair a 
council or review presentations or present recommendations 
would be viewed as just another bureaucratic hurdle and would 
be counterproductive. It is essential that any enhanced 
authority continue to be integrally linked with OMB's budget 
function to develop a process for evaluating the performance of 
capital investments for IT across government. It is also 
essential that any centralized position have authority to 
develop a process for funding interagency initiatives.
    Improved funding and management of multiagency IT 
initiatives can enhance the government's ability to address 
common IT challenges and solutions. Technology allows us to 
provide government to its customers across functional areas. 
The funding mechanisms should be developed to support this 
approach. In addition, funds for interagency IT should be 
solidified and made sufficient to support the level of need for 
interagency work.
    How should a Federal CIO's relationship with agency CIOs in 
the Federal CIO Council be defined? A digital economy drives 
new expectations of government. It would make sense that it 
would drive a new structure too. Ontario, Canada provides an 
example of a structure based on functional areas of government 
rather than agency structures. Before Ontario changed its 
structure the 17 different ministries had 17 different CIOs 
reporting to the deputy minister and cabinet office. Now there 
is a single authority that reports to the cabinet office in 
charge of information technology and is held accountable for IT 
in Ontario.
    What are more interesting are clusters of CIOs created 
around communities of service. The CIOs of these clusters 
report to the Ontario CIO. Leadership of Federal IT can operate 
in a similar fashion. The Federal CIO Council is already in 
place and could present the clusters of CIOs. I provide a chart 
of the Ontario organization as an example of a structure 
evolving with technology.
    How should a Federal CIO address issues such as electronic 
government information and insurance? Any expanded central 
authority should build on the structure currently in place, the 
Federal CIO Council. The Council is effective at establishing 
committees to bring subject matter experts out to address the 
issues and are in the forefront of IT in government-electronic 
government. Enterprise interpretability; capital planning; 
security, privacy and critical infrastructure protection; and 
Federal IT work force are some examples. The Council has 
developed a strategic plan with specific goals and initiatives 
for each committee. Greater authority could give the Federal 
CIO Council the responsibility and resources it requires to 
work with agencies states, academia and the private sector.
    Finally, question 6, what are the other key issues the 
Federal CIO should consider? Any action to strengthen central 
authority for governmentwide IT strategy should continue to 
work closely with the Federal CIO Council to develop 
strategies. Issues we have identified are: Connecting citizens 
to product services and information of their government; 
putting in place interoperable and governmentwide IT 
initiatives; providing a secure and reliable information 
infrastructure that the customer can access and trust; 
acquiring IT skills and resources to meet mission objectives; 
collaborating between the public and private sectors to achieve 
better government; fostering investment management policies, 
practices and tools that enable improved delivery of government 
programs and services.
    I find that the two proposed pieces of legislation are, 
each in different ways, interesting starts in improving the 
coordination and effectiveness of IT efforts. It is refreshing 
that reducing the burden of information collection from the 
citizen is emphasized.
    We look forward to working with the Congress on addressing 
these and other issues. I would like to thank the subcommittee 
for the support it has given to the work of the Federal CIO 
Council. Without your support we would not have been able to 
achieve the national success we have enjoyed with Y2K, the 
Internet and e-government. I would like to thank the members of 
the subcommittee for the opportunity to present this morning.
    Mr. Chairman, this concludes my formal remarks. I look 
forward to answering questions.
    [The prepared statement of Mr. Flyzik follows:]

    [GRAPHIC] [TIFF OMITTED] T4562.103
    
    [GRAPHIC] [TIFF OMITTED] T4562.104
    
    [GRAPHIC] [TIFF OMITTED] T4562.105
    
    [GRAPHIC] [TIFF OMITTED] T4562.106
    
    [GRAPHIC] [TIFF OMITTED] T4562.107
    
    [GRAPHIC] [TIFF OMITTED] T4562.108
    
    [GRAPHIC] [TIFF OMITTED] T4562.109
    
    [GRAPHIC] [TIFF OMITTED] T4562.110
    
    [GRAPHIC] [TIFF OMITTED] T4562.111
    
    [GRAPHIC] [TIFF OMITTED] T4562.112
    
    [GRAPHIC] [TIFF OMITTED] T4562.113
    
    Mr. Horn. Well, thank you very much. We appreciate that 
summary.
    Otto Doll is the Commissioner of the Bureau of Information 
and Technology for the State of South Dakota and president of 
the National Association of State Information Resources 
Executives. I'm particularly indebted to you for those nice 
charts you put with your testimony. It's very helpful to see 
what the Governors are doing around the country.
    So Mr. Doll.

 STATEMENT OF OTTO DOLL, COMMISSIONER, BUREAU OF INFORMATION & 
    TECHNOLOGY, STATE OF SOUTH DAKOTA, PRESIDENT, NATIONAL 
     ASSOCIATION OF STATE INFORMATION RESOURCES EXECUTIVES

    Mr. Doll. Thank you, Mr. Chairman, Mr. Turner, Mr. Davis, 
and members, subcommittee members. Recent congressional bills 
such as H.R. 4670 and H.R. 5024 offer tremendous opportunities 
for the Federal Government to take full advantage of the 
Internet revolution and all it has to offer for digital 
government. The States, as laboratories of democracy, offer 
many examples of how enterprise-wide Chief Information Officers 
add real value to government's use of information technology. 
Furthermore, the recent year 2000 compliance effort has allowed 
all CIOs, whether they be local, Federal, State, private or 
public sector, to completely inventory the IT resources at 
their disposal. For the first time we have been able to 
establish lines of communication and cooperation among IT units 
through our enterprises.
    While it is difficult to derive a single organizational 
model from the 50 States, some clear trends are apparent, and 
both of the bills cited earlier put the Federal Government 
firmly on the same path.
    Generally with the title CIO comes advisory responsibility 
for enterprise-wide IT policy, not just management. Many, if 
not all, CIOs report to their Governors, State chief executives 
in some formal or informal capacity. CIOs can be called upon to 
advise the Governor on IT matters, deliver agency IT budgets, 
draft proposal legislation, testify before legislative 
committees on IT investment options and results and oversee 
statewide procurement, project management, risk management and 
strategic planning. While many State CIOs report solely to 
their Governors on technology issues, some are also responsible 
to cabinet level officials such as the secretary of 
administration, commerce, or revenue.
    According to a survey conducted by NASIRE in February and 
staff research, 23 States have a CIO in place who reports 
directly to the Governor; only 8 States reported such an 
arrangement in a 1998 survey; 24 State CIOs operate within some 
other arrangement, usually reporting to a cabinet officer. 
However, that does not mean those CIOs never interact with 
their Governors. Some State CIOs work in conjunction with an 
advisory board or commission and many serve as chair of a 
council of agency level CIOs. The remaining three States are 
currently moving toward a CIO arrangement.
    A roundtable of State CIOs held at NASIRE's 2000 midyear 
conference discussed key aspects of real CIO authority. The 
clear consensus was that some form of access to the Governor is 
crucial to the CIO's success. Without that access the CIO 
cannot win the sponsorship that is necessary to implement 
innovative application of technology, break down the silos of 
government and manage the expectations of internal and external 
constituents who are often intimidated by or over expectant of 
the impact of IT on government.
    The recent Federal experiences with John Koskinen, who 
served as the Y2K czar, shows how a CIO level official serving 
as an extension of the chief executive can bring together 
diverse public and private interests to tackle the huge IT 
project.
    We have also seen how the President's keen interest in the 
development of the FirstGov.gov portal has reinvigorated a 
project that had previously floundered without centralized high 
level leadership. The Oval Office and Congress will need an 
ongoing, accountable IT visionary for future efforts.
    The necessity of the CIO has been recognized by a number of 
organizations, including the National Electronic Commerce 
Coordinating Council, which declared: ``regardless of the 
structure, the most critical factor for success in implementing 
electronic government is a clear direction communicated with 
both authority and responsibility. Responsibility for 
implementation should rest with an empowered leader, such as 
the CIO.''
    NEC3 is a coalition among NASIRE, the National Association 
of Secretaries of State, the National Association of State 
Procurement Officials, and the National Association of State 
Auditors, Comptrollers and Treasurers.
    Separating technology from government programs is 
impossible today. State CIOs are responsible for putting their 
executives visions and goals for IT into action. The Harvard 
Policy Group on Network-Enabled Services and Government, which 
included CIOs from all levels of government, echos that 
sentiment. They define CIO not solely as a manager of 
technology but as a manager of technology in support of 
organizational strategy and change management. The same 
sentiment emerges from the private sector as well.
    Janet Caldow of IBM's Institute for Electronic Government 
states: ``our early studies with the Kennedy School of 
Government revealed that a center of gravity for technology 
policy and strategy is a fundamental critical success factor 
for governments to move forward aggressively. That can come in 
the form of a Chief Information Officer or a technology and 
policy advisor to the chief executive.''
    As the center of gravity for IT policy, the CIO needs to 
inspire leaders, including elected and appointed officials as 
well as front line managers and staff that dedicate political 
capital and other resources to the agenda. One powerful dynamic 
of IT is that it can enable and integrate all government 
services and initiatives--education, criminal justice, economic 
development, etc.
    A CIO is necessary to convene key information stakeholders, 
develop adaptive architectures that are conducive to sharing, 
and access the incumbent risks of exposing information online. 
Then the CIO is needed to moderate the changing interest of the 
diverse stakeholders, enforce standards for sharing, and 
implement the critical security technologies and processes that 
can ensure privacy. Only then will government enjoy the full 
benefits of integration.
    Globally, a number of other nations are taking aggressive 
approaches to digital government, including the Special 
Administrative Region of Hong Kong, Singapore, Australia, 
Canada, United Kingdom and the European Union. Australia 
represents a major effort to have all that nation's services 
well enabled by 2001. Australia, Hong Kong and Singapore have 
also signed memoranda of understanding to facilitate cross 
national e-commerce, underscoring the important role a national 
digital government can play in facilitating economic growth.
    In conclusion, let me say that my goals for today have been 
to reinforce my testimony before this committee from last 
March. Support for the role of the CIO comes from many 
quarters. Furthermore, empowered CIOs such as those in Kentucky 
and Indianapolis and elsewhere can achieve much. NASIRE 
encourages the Federal Government to establish an Executive 
Office of the CIO. However, we caution that the role CIO cannot 
be defined with one act. The work of the CIO will not end after 
one project. In our estimation, the future success of any 
government in the new economy depends on not only establishing 
an office of the CIO, but also in constantly evolving the role 
of CIO as technologies change and new opportunities emerge. 
Only then will the full fruition of digital government be 
within our reach.
    [The prepared statement of Mr. Doll follows:]

    [GRAPHIC] [TIFF OMITTED] T4562.114
    
    [GRAPHIC] [TIFF OMITTED] T4562.115
    
    [GRAPHIC] [TIFF OMITTED] T4562.116
    
    [GRAPHIC] [TIFF OMITTED] T4562.117
    
    [GRAPHIC] [TIFF OMITTED] T4562.118
    
    [GRAPHIC] [TIFF OMITTED] T4562.119
    
    [GRAPHIC] [TIFF OMITTED] T4562.120
    
    [GRAPHIC] [TIFF OMITTED] T4562.121
    
    [GRAPHIC] [TIFF OMITTED] T4562.122
    
    [GRAPHIC] [TIFF OMITTED] T4562.123
    
    [GRAPHIC] [TIFF OMITTED] T4562.124
    
    [GRAPHIC] [TIFF OMITTED] T4562.125
    
    [GRAPHIC] [TIFF OMITTED] T4562.126
    
    [GRAPHIC] [TIFF OMITTED] T4562.127
    
    [GRAPHIC] [TIFF OMITTED] T4562.128
    
    [GRAPHIC] [TIFF OMITTED] T4562.129
    
    [GRAPHIC] [TIFF OMITTED] T4562.130
    
    [GRAPHIC] [TIFF OMITTED] T4562.131
    
    [GRAPHIC] [TIFF OMITTED] T4562.132
    
    [GRAPHIC] [TIFF OMITTED] T4562.133
    
    [GRAPHIC] [TIFF OMITTED] T4562.134
    
    [GRAPHIC] [TIFF OMITTED] T4562.135
    
    [GRAPHIC] [TIFF OMITTED] T4562.136
    
    [GRAPHIC] [TIFF OMITTED] T4562.137
    
    [GRAPHIC] [TIFF OMITTED] T4562.138
    
    [GRAPHIC] [TIFF OMITTED] T4562.139
    
    [GRAPHIC] [TIFF OMITTED] T4562.140
    
    [GRAPHIC] [TIFF OMITTED] T4562.141
    
    [GRAPHIC] [TIFF OMITTED] T4562.142
    
    [GRAPHIC] [TIFF OMITTED] T4562.143
    
    [GRAPHIC] [TIFF OMITTED] T4562.144
    
    [GRAPHIC] [TIFF OMITTED] T4562.145
    
    [GRAPHIC] [TIFF OMITTED] T4562.146
    
    Mr. Horn. Thank you very much. We appreciated that 
testimony Mr. Doll. I'm going to have to do something I don't 
like doing because I'm going to have to interject for a 
question period before the representative of the administration 
has to go, and she said she has to go at 11:15 and I want Mr. 
Davis, Mr. Turner to question her before now and 11:15. So I 
first yield for questions 5 minutes for the gentleman from 
Virginia, Mr. Davis.
    Mr. Davis. Thank you. Sally, thanks for being here once 
again and for all the work you're doing. In your written 
testimony you offer that Clinger-Cohen is correct in placing 
centralized leadership responsibilities for IT investment 
management within OMB because OMB has budget and program 
oversight responsibilities throughout the executive branch and 
can work to ensure that IT supports agency missions and 
policies. You go on to say that legislation which mandates a 
particular approach may lock in oversight structures and 
constrain our capacity to solve the problems that are unknown 
to us today.
    I wonder if you could take a minute and describe the 
leadership role that OMB has displayed in the past in defining 
and managing interagency items, not just speaking to money 
items but managing IT resources. How does OMB keep track of 
those initiatives so that responsible decisions can be made 
when projects are not working and should be halted or a new 
direction should be taken? Can you give me a feel for how that 
works?
    Ms. Katzen. Sure. Thank you. In one respect we take our 
management challenges each year as part of the budget. We 
prepare those priority management objectives, we call them, the 
PMOs, that warrant senior management attention, and IT 
management is always on the list. This year I think we have 
four that include that. People are assigned within OMB both in 
the statutory offices and in the RMOs, the Resource Management 
Offices, which do the budgeting and management hands, often to 
report on a monthly basis on the progress made. I have prepared 
this report for the Director, for the President and see how we 
are proceeding on the most important challenges.
    At the other end of the spectrum OMB is actually a fairly 
lean and mean organization--well, I'm not so sure it's mean but 
it is lean. We only have about 500 people for all the 
governmentwide functions. We leverage our power and authority 
through interagency councils, whether it's the Statistical 
Policy Council which was created and reports through the Chief 
Statistician of the United States, who's in the Office of 
Administration. In the Office of Information, Regulatory 
Affairs, or the CIO Council, the Deputy Director for 
Management, me now, sits as chair of the CIO Council, sits as 
chair of the CFO Council, that's the Chief Financial Officers, 
sits as chair of the PCIE, which is the President's Committee 
on Integrity and Efficiency, which are the IGs, the Procurement 
Executives Council. What I have done----
    Mr. Horn. Excuse me. Could you sort of spell it out for the 
people that are listening?
    Ms. Katzen. CIO Council is the Chief Information Officers 
Council. CFO Council is the Chief Financial Officers Council. 
The PEC is the Procurement Executives Council. The PCIE is the 
President's Council on Efficiency and Integrity, which is the 
IGs, which are the Inspector Generals.
    Each of these councils have committees. Mr. Flyzik 
indicated the myriad numbers of committees that they have. 
Their e-government committee representative meets with me, with 
the CFO Council e-government representative and the PEC e-
government representative, at least once a month, where we sort 
through priorities, we hear about initiatives. And the CFO 
Council people will sit there and say, oh, is that what the CIO 
Council is doing? Isn't that interesting? We're able to 
exchange best practices. Mr. Flyzik has attended those meetings 
in the past. That's another way we leverage.
    Mr. Davis. Where is the decisionmaking authority after you 
all sit down and you go through all these? Does it come to you 
then up through the head of OMB in terms of resolving----
    Ms. Katzen. In most instances it's not a decision that has 
to be made yes or no. It's a sorting through priorities. But if 
there were, it would be through me and I would consult with 
Jack Lew, the Director, or the President or Vice President. Mr. 
Doll was talking about the President's interest in FirstGov. We 
presented it to him and he loved it, and he therefore announced 
it. It was something we had developed, and we had developed it 
with the help of the CIO Council as well as the PEC Council 
because one piece of this FirstGov is to have a single gateway 
for procurement for buying and selling to the government, and 
they're interested in that aspect of it.
    So we put all these pieces together. When we presented it 
to the President he was most enthusiastic about it. So it can 
go at different levels, in part depending upon how radical it 
may be or how much funding is necessary.
    And there's also, one of the problems that we've had, and 
I've heard this from a number of the people who are talking 
about this, is the funding. OMB has included requests for 
funding for security, for e-government, for digital signatures, 
for a variety of things and we just were hoping that the 
Congress will be more receptive to those requests.
    Mr. Davis. I think my 5 minutes are up. I want to make 
sure--I might want to give you a couple of written questions, 
but I think you've given me the outlines.
    Ms. Katzen. Be happy to supply any answers to that. Thank 
you very much, sir.
    Mr. Horn. The gentleman from Texas, Mr. Turner, 5 minutes 
for questioning the witness.
    Mr. Turner. Thank you, Mr. Chairman. We appreciate all of 
your input on this issue, and as you know, in our meetings 
together there are some issues that must be resolved before we 
can move forward. And obviously we want to be sure we structure 
this new Chief Information Officer in a way that's consistent 
with the roles that you are accustomed to having oversight 
over. I did notice that in a letter that we received just 
yesterday from Mr. Gilligan, who is the CIO of the Department 
of Energy, he said that only a small portion of the funding 
requests we're talking about for information technology funding 
is intended to provide for coordinating governmentwide security 
efforts.
    We were talking yesterday, as you know, about computer 
security as well as providing common solutions that will 
improve efficiency and effectiveness of individual agency 
security programs. He goes on to say these initiatives are not 
designed to replace individual agency programs already in 
place. Rather, they seek to build on their successes and expand 
existing infrastructure. In an attachment to his letter he says 
most of the funding that has been provided in the Federal 
budget has been directed at the individual agencies. He says, 
and I quote, only a small portion of this funding request is 
intended to provide for cross government initiatives.
    I'd like for you to describe for us some specific cross 
agency initiatives relating to information technology that OMB 
has successfully implemented.
    Ms. Katzen. I will start by noting that I don't completely 
agree with his characterization of the way we do the funding. 
It is true that there is a relatively small portion that is 
designed for intra--interagency, among agencies, cross-cutting, 
governmentwide types of projects. But the security, for 
example, should be built into the system. It shouldn't be a 
separate kind of venture. It should be part of the capital 
planning process, and that's one of the things we're working 
on.
    But having said that, in terms of the types of activities 
that we have, 2 years ago the Congress and Treasury-Postal gave 
us a $7 million fund for us to allocate for governmentwide 
efforts, and that money was used in part for the CIO Council, 
and we asked them to come up with their wish list, their 
priorities, so that we could be responsive to the agencies' 
CIOs as what they thought were those projects most in need. 
Digital signature was one; FirstGov is another that I can think 
of off the top of my head.
    This year we took that same fund--$7 million is not a very 
large amount considering that we spend billions in other 
areas--we increased it to $17 million. All indications are the 
Treasury-Postal will increase it. That should be significantly 
enhanced because there are opportunities. But what we have done 
again for the 2001 budget for the $17 million was to go back to 
the CIO Council and the CFO Council and say, what is it that 
you think is most desirable, and this is reviewed within OMB. 
And they came up with these different types of projects that 
they wanted us to fund.
    Mr. Turner. Is that the only cross-agency initiative that 
OMB has been involved in?
    Ms. Katzen. No. Clinger-Cohen also includes a ``pass the 
hat'' authority. And there was an additional $5 or $6 million 
that we used to collect additional moneys from the various 
agencies for some of the CIO-type functions. Again, Mr. Flyzik, 
who helped implement this, could give you more details on it. 
But that's another opportunity.
    And the third opportunity is there could be a lead agency. 
For example, on FirstGov, even though we're using some of the 
interagency money, GSA is the lead agency and is, in effect, 
sponsoring this, and they have the resources that we have 
reprogrammed to make sure that they can carry this out. There 
are other instances where other departments--Treasury, the 
Treasury Department is working on digital signatures. We have a 
$7 million request, which unfortunately does not look like it's 
going to be funded. We could use your help there. But that 
would be where they're taking the lead for the government. And 
I think that's correct, if I'm not mistaken. But they're the 
lead.
    So in different areas we'll ask different departments to be 
a lead agency. So that, pass the hat and the interagency fund, 
all get worked together. We use as much creativity as we can 
because the technology is developing an awful lot faster than 
the budget process, and you come up with new ideas in the 
middle of cycle, you want to fund them. You want to figure out 
how to do it lawfully.
    Mr. Turner. I think that pass the hat problem, we discussed 
that at the hearing yesterday, is one of the problems that we 
see in our present pursuit of information technology.
    Ms. Katzen. It has drawbacks.
    Mr. Horn. We will have another round here.
    The gentleman from Virginia, Mr. Davis, 5 minutes. It's 
your turn.
    Mr. Davis. Just a couple of questions.
    You addressed the establishment of the Y2K Council with 
John Koskinen, who did an outstanding job, I think we can all 
agree, as chairman. It's unclear to me how the need to 
establish a Y2K Council in 1998 validates OMB's role in 
managing information resources. It seems to me that instead it 
demonstrated OMB's inability to gather the necessary expertise 
and foresee the need to address the Y2K problem in a more 
timely manner and its subsequent inability to manage 
governmentwide Y2K remediation without bringing in someone like 
John Koskinen to head the whole thing up and to have the clout, 
and that you don't want to keep doing this kind of thing. Could 
you give me your comments on that?
    Ms. Katzen. Well, Mr. Davis, OMB had been responsible for 
the governmentwide Y2K efforts, and, in fact, as Administrator 
of OIRA, it was one of my primary responsibilities, and we set 
in motion the processes that the Federal agencies would use. We 
established the reporting practices. We established the CIO 
Council's involvement in this; the Y2K committee that I met 
with once a month, we did a lot of things within OMB. By 1998, 
it became clear that the issue was not just the Federal 
systems. The issue was the country. And there was banking and 
finance, there was energy, and it was more than the country. It 
was international as well.
    And so we discussed within the administration bringing in 
somebody who would focus attention, who would capture people's 
imagination, and who would work with State and local 
governments. I had already been meeting with NASIRE people in 
1995, 1996 and 1997. John Koskinen took it over. He worked with 
State and locals. He worked with the private sector. He worked 
with the international Y2K effort.
    The responsibility for the Federal systems themselves 
remained at OMB. We were the ones who did the quarterly 
reports. We were the ones who met with the laggers or those who 
were not moving as quickly as they should have. We were the 
ones who went to the President or the Vice President when we 
wanted additional help. John Koskinen was superb, and he was a 
superb candidate for this because he had just stepped down as 
DDM at OMB, and he knew where all the levers were. He never 
wanted to take from OMB its authority, but he wanted to work 
with us, and that was a very good mix.
    I was made the vice chair of the Y2K Council to keep the 
OMB piece of it intact. And I heard Mr. Doll say that Mr. 
Koskinen is a great model, and then he used the term ``for a 
single project.'' I agree with that. I think if there's a 
single project that you want done sometimes, you find somebody 
who has the stature, the experience and the connections to do 
it. But if you're talking about something like all of 
information technology, Mr. Doll also said you can't separate 
technology from government programs. That's the whole thing. 
Then I am less amenable.
    Mr. Davis. I want to get you out of here. I just look at it 
differently. You did a great job, but you had so many other 
things to do over there at OMB. You just did. You have so many 
responsibilities. You performed them admirably. I've worked 
with you on a lot of issues, and you're a great civil servant. 
But the problem was in that particular case you had too many 
things. The same thing concerns me with OMB and its structure 
today in giving it the emphasis. So I just look at it a little 
differently.
    But I'm really interested to hear your perspective. I 
appreciate your sharing it with me. I may get back to you with 
a couple of other questions just for the record so we can fill 
this up.
    You made one other comment that the administration will be 
changing, and at least we will have a new President and 
probably some new people, and we don't want to act 
precipitously. I agree. I'm just putting down a marker to say 
this is my concept, and we want to solicit advice on this as we 
move forward. This is kind of a work in progress. But I just 
wanted to share my thoughts, and I appreciate hearing yours. 
Thanks.
    Ms. Katzen. That's very helpful. Thank you, sir.
    Mr. Horn. Does the gentleman yield?
    Mr. Davis. I yield back.
    Mr. Horn. The gentleman from Texas Mr. Turner. I'll give 
you 4 minutes this time because I want the last 3 minutes.
    Mr. Turner. Thank you, Mr. Chairman.
    I concur with what my friend Mr. Davis said. I think we are 
introducing these bills here in the latter month of this 
Congress in order to get the issue on the table and begin to 
discuss what kind of structure a Federal CIO should have, 
because we know whoever is President is going to make this a 
part of their new administration.
    And I want to say that, you know, GAO made the comment that 
the benefit of a Federal CIO is the ability to focus 
exclusively on information technology.
    Your training is an attorney, as is mine. You practice 
regulatory and administrative law. You wear a lot of hats. 
You're the head of the CFO Council, the CIO Council, the 
Procurement Council. Even your Deputy, Mr. Spotila, who is the 
head of the Office of Information and Regulatory Affairs, has a 
wide range of duties, one of which is information technology, 
but he is neck deep into regulatory affairs in his office. And 
I think what we are trying to do here is to pursue a new 
position that has the exclusive ability to focus on information 
technology across government; to put in that position an 
individual who has the background, the experience and the 
educational training to suit he or she to the position of a 
chief information officer as we find in the private sector. And 
I think that by doing that, we will see more opportunities for 
cross-agency cooperation, and we'll see the Federal Government 
move forward at a much more rapid pace than we've seen in the 
past.
    That is not to say we are critical of anything you have 
attempted to do, but I think the emphasis on information 
technology is long overdue. And I know that you want to work 
closely with us to be sure that if we implement a Federal CIO, 
that it integrates well with your traditional functions. And I 
know that is one of your priorities, and we want to work with 
you in that regard.
    Ms. Katzen. Exactly. I appreciate that because I think 
there is much merit to this call for higher visibility, more 
focus or single-mindedness as it were. And my concern is that 
it be fully integrated within OMB because they have the 
budgeting and the management function governmentwide, and you 
can't easily separate the two. But the repeated calls for 
higher visibility and more single-mindedness, I think, have 
tremendous merit, and I appreciate your comments in that 
regard.
    Mr. Turner. Thank you, Mr. Chairman.
    Mr. Horn. I thank the gentleman.
    My question is this: I appreciate you giving us the history 
there, and that's some of it we learned new. But the fact was 
that nothing happened after this committee started the movement 
in April 1996. We wrote the President with the ranking 
Democrats at that time writing with us on the letter to put one 
person in charge in the executive branch. That was July 1997, 
and he finally got around to it in late 1997 and 1998 when Mr. 
Koskinen was brought out of retirement. While he was there in 
your position, he really didn't do anything on this. You were 
doing the work there, as I remember.
    Ms. Katzen. I was doing that, yes.
    Mr. Horn. And then he retired----
    Ms. Katzen. Although I reported to Mr. Koskinen, and he was 
aware of what I was doing, and he had sufficient confidence in 
me that he let me continue doing it.
    Mr. Horn. Well----
    Ms. Katzen. And I had sufficient confidence in him that 
when we talked to the President and said, I think we ought to 
find somebody, he was the first person that came to our mind, 
and we called him. He was only in retirement for 2 weeks before 
we got him back.
    Mr. Horn. He was in retirement, and he did not come back on 
board until April 1998.
    Ms. Katzen. Correct.
    Mr. Horn. He was on a honeymoon with his wife. So the fact 
is during this time, FAA, the IRS, billions of dollars were 
going through those things. Now, did your group at OMB pull the 
plug? Why not when you have that many billion dollars going 
right down the drain?
    Ms. Katzen. We did, in fact, review the FAA information 
systems--we're not talking Y2K now. We're talking the 
information systems themselves--the FAA system, the IRS system, 
which Mr. Flyzik can talk about the history of that through 
this past decade, the HTM system. There was a health system at 
HCFA.
    Mr. Horn. Right. They spent a few billion, too.
    Ms. Katzen. It was unbelievable. It was custom-built.
    As I said in my testimony, when we came into office, there 
was an established pattern. Federal systems were to be custom-
built with all the bells and whistles. They would inevitably 
come in over budget and so late that they would be obsolete by 
the time they were fully implemented.
    We changed that. We changed that with your help. We changed 
that with the help of Raines' Rules. We changed that. We're now 
focussing on open architectures, modular development. The whole 
Raines' Rules capital planning concept has turned it around, 
and you don't have those kind of unfortunate headlines as 
frequently by a long shot at the end of the decade that you did 
at the beginning of the decade. It took us time to turn it 
around. That was what I was focusing on at the beginning part 
of the century--decade.
    Mr. Horn. Who pulled the plug, OMB or the agency? Did the 
agency finally think about it, that they weren't managing 
anything?
    Ms. Katzen. We worked together. We're collegial. We raised 
issues----
    Mr. Horn. I know. Collegially with the taxpayers' money to 
the tune of $7 billion.
    Ms. Katzen. Well----
    Mr. Horn. That bothers me. The fact is nobody made the 
tough decisions except Raines. I thought Raines really knew 
what he was doing when he came in there. And we worked together 
on the questionnaire and all the rest of it. He was a very 
right-on-the-spot person. He might have pulled the plug. I 
don't know.
    Ms. Katzen. The health one was ended before Mr. Raines 
became the Director. It was while Ms. Rivlin was still the 
Director of OMB that we stopped the health one. We stopped them 
when it became clear to us that this was not the way to go, and 
we worked with them. They're individual cases. Individual 
systems presented different problems within the agencies 
because they had different needs. FAA's need was that they 
couldn't be without a system because of the security of the air 
traffic controls. We had to make sure that whatever we had was 
enough to bridge or link, and so it was not just possible to 
say, well, let's stop that and forget all about it and go to 
someplace else. We had to work to a transition. The IRS is one 
that took a different turn that Mr. Flyzik can talk to.
    Mr. Horn. Let me ask my last question. I know you have to 
go.
    Yesterday the subcommittee released its computer security 
report card for the Federal Government, with the government 
receiving a D minus overall. Given the Office of Management and 
Budget's oversight responsibility for agency computer security 
programs, how do you explain this?
    Ms. Katzen. Well, Mr. Chairman, I think, as Mr. Spotila 
indicated yesterday, we do not completely agree with the 
grades.
    Mr. Horn. Not one person under oath in this room disagreed 
with any grade. And if they're doing that to the press, they 
didn't do it here.
    Ms. Katzen. I was not here yesterday. Mr. Spotila was 
testifying. My understanding is that a lot of the agencies--
departments were, as they should be, totally candid about we're 
doing partly here, we're not doing anything here, we're doing 
something here. In some of the grades they got no credit for 
any of the things that they were doing.
    Grades come as a snapshot in time, and unlike the Y2K where 
you have a single function that you want to sort of track over 
time, and you can see whether you're 68 percent remediated, 98 
percent remediated, you get all the way to 100 percent, with 
security there are a variety of different measures and a 
variety of different standards depending upon the sensitivity 
of the information, because your security should be 
commensurate with the risk of loss. And a DOD is a very 
different animal from the Department of Agriculture, for 
example, where a civilian agency does not have to reach the 
same standards.
    Having said all of that, I would remind you that when Mr. 
Koskinen came into the office, the government was given a D 
minus also----
    Mr. Horn. That's right.
    Ms. Katzen [continuing]. For Y2K.
    Mr. Horn. And he got it up to a B, which is great.
    Ms. Katzen. What happened was in the 2-year period, because 
of the foundations that we had laid and the work that had been 
done by the Federal employees, there were no disasters at the 
date change. The Federal systems held together magnificently. 
People were ready ahead of time. And if we get a B minus when 
we actually end up having a nonevent, there's some sense that 
maybe the grading on the curve could be a little bit adjusted.
    Mr. Horn. It isn't graded on the curve. It's graded on the 
absolute. And remember that this is self-graded by the agency, 
not us.
    Ms. Katzen. They didn't give themselves a D minus. You took 
the information and gave them the grades. They didn't give 
themselves a grade. If you ask the agencies, and Treasury is 
here today, whether they deserved the grade they got or whether 
they thought that their work in process is warranting some 
other grade, I would be very interested in the responses, 
because what I hear is that they feel that the grading was kind 
of tough.
    Now, I did well in school with professors who gave tough 
marks, and I like to rise to the occasion, and I like to fight 
back, and I like to say, OK, you give me a B, I'll show you. 
I'll get my A.
    Mr. Horn. Good. We're glad we stimulated OMB to do 
something. And if it takes that, why we'll give them a D minus 
or a D plus next time.
    But, no, what we want is something that solves this, and we 
want people that make tough decisions with the taxpayers' 
money. That's what I'm concerned about. That's what every 
Member here regardless of party is concerned about. We can't 
afford these $4 billion boondoggles.
    Ms. Katzen. I share your--I agree with you completely.
    Mr. Horn. With security they can do a lot of things. They 
just haven't because there hasn't been the focus.
    Ms. Katzen. Well, and we haven't gotten the funding.
    Mr. Horn. They always say that. All you do is pull the plug 
on a few things. Energy is the prime example.
    Ms. Katzen. No, I'm sorry. What I meant--you may have 
misunderstood what I was staying. We have repeatedly requested 
the Congress to fund in the security area for FIDNA, for 
FEDCERT, for Cyber Core. There was a $90 million critical 
information protection piece that the Congress has not funded.
    We have requested funding for security again and again, and 
over the last several years and even right now the IRS piece is 
not fully funded. Apart from the security is the modernization 
that they need to do.
    So it's not that we're holding back, but I share your 
objective which is not to waste taxpayers' money, which is to 
provide the best service possible, to do it in a way that is 
reasonable and rational and responsive to the American people.
    I agree completely with where you're coming from, and, 
again, as I said in my opening statement, we think that the 
work that this committee has done has been very important and 
instrumental in helping us with whatever progress we have 
achieved, and we thank you for that.
    Mr. Horn. Let me ask the last question. Do any of the 
people here, and that includes the people who haven't had a 
chance to make their presentations, do you have any questions 
of the administration before Ms. Katzen leaves? Anybody want to 
raise their hand or something? Any question you've been wanting 
to ask the administration but couldn't? OK. Forever hold your 
peace, or talk to them on the side.
    Ms. Katzen. Thank you, sir.
    Mr. Horn. We thank you for staying, and we hope we haven't 
delayed you, but we're within 6 minutes. Thank you.
    We now go back to the presenters. Next is Paul E. Rummell, 
president and chief executive officer of RLG netPerformance, 
Inc., former Chief Information Officer for the Government of 
Canada.
    We're delighted to have you here, and we want to get a lot 
of your experience on the record.

  STATEMENT OF PAUL E. RUMMELL, PRESIDENT AND CHIEF EXECUTIVE 
  OFFICER, RLG NETPERFORMANCE INC., FORMER CHIEF INFORMATION 
              OFFICER FOR THE GOVERNMENT OF CANADA

    Mr. Rummell. Mr. Chairman, Mr. Turner, Mr. Davis, members 
of the subcommittee and distinguished panelists. I am very 
pleased to speak with you regarding establishing a Federal 
Chief Information Officer position in the U.S. Government. I 
have a unique perspective to share with you. I served as the 
first CIO for the Government of Canada, and I am an American 
citizen and a Canadian citizen. I have 28 years' experience in 
information technology.
    The role and mandate for Canada's CIO position is to bridge 
the direction and evolution of technology in government; work 
to improve relations with the vendor community; renew the IT 
community within the government, and tackle the inertia in 
Treasury Board and across the government by resolving key 
concerns effectively, like privacy and security.
    I reported to the Secretary of the Treasury Board and had a 
liaison and strong communication with the Prime Minister's 
office. My responsibilities were a $3-billion-a-year budget, 
16,000 employees, and a portfolio of 80 some departments and 
agencies, and I had a mandate to eradicate the year 2000 bug.
    Policy and management were focused on larger departments 
like Public Works, Revenue Canada, National Defense, Human 
Resource Development Canada, Industry Canada and the Department 
of Justice. Twenty of the largest departments and agencies were 
represented in a core committee which I chaired, and I 
consulted with smaller agencies and departments less 
frequently.
    I established a Council of Provincial CIO's to coordinate 
activities between their jurisdictions, and we met with other 
levels of government to coordinate service delivery initiatives 
for our government.
    The CIO position has made an impact on Canada's Federal 
Government success in information technology. We moved beyond 
establishing policy to a strategic leadership role with 
operational focus and delivered results in three key areas: 
infrastructure, innovation and service to the IT community.
    Infrastructure is the platform used to deliver cost-
effective, unified services to citizens. It's not just wires 
and networks, but INFOstructure, the policies, standards, 
procedures and directions that make interoperability a reality. 
It is the combination of people, process and technology to 
capture the imagination and achieve results.
    As CIO and an information exchange specialist, I was and 
continue to be in the business of innovation. The approach must 
be to balance risk and fiscal responsibility. The CIO position 
should be in a place that empowers solutions, from structural 
changes and alternate service delivery models to partnerships 
with other governments and the private sector.
    The CIO's core mandate was to provide advice, expertise and 
service to the information community across government, and my 
goal was not to get in your way, but to get things out of your 
way.
    We managed technology spending envelopes to be sure that we 
were making appropriate investments. We helped get the 
government through some challenges with megaprojects. We worked 
with the vendor and outsourcer communities to ensure modern 
procurement and project management procedures were in place.
    Information technology provides one of the cornerstones for 
the renewal of government. It is essential that the U.S. 
Government adopt a modern organizational structure with a 
Federal CIO to lead, make a real difference and encourage 
cooperation.
    It is your challenge as a subcommittee and as a government 
to play a leadership role in establishing a position that will 
direct the appropriate use of technology in our government. 
Based upon my experience, I favor the recommendation that the 
Federal CIO report to the Office of the President. I believe 
the position will be most effective in this structure.
    To sum up, these are exciting times. The new Federal CIO 
for the U.S. Government will have an ambitious agenda in this 
year 2000 and beyond. Effective use of technology will enable 
us to work harder, faster and smarter. This is not an end in 
itself. What counts is what it will enable us to do, and that 
is to serve Americans better. Thank you.
    Mr. Horn. Well, we thank you. Those insights are very 
helpful.
    [The prepared statement of Mr. Rummell follows:]

    [GRAPHIC] [TIFF OMITTED] T4562.147
    
    [GRAPHIC] [TIFF OMITTED] T4562.148
    
    [GRAPHIC] [TIFF OMITTED] T4562.149
    
    [GRAPHIC] [TIFF OMITTED] T4562.150
    
    [GRAPHIC] [TIFF OMITTED] T4562.151
    
    Mr. Horn. Our next presenter is Robert D. Atkinson, 
director of technology & new economy project for the 
Progressive Policy Institute.
    Mr. Atkinson.

  STATEMENT OF ROBERT D. ATKINSON, DIRECTOR, TECHNOLOGY & NEW 
         ECONOMY PROJECT, PROGRESSIVE POLICY INSTITUTE

    Mr. Atkinson. Thank you, Mr. Chairman, Mr. Turner, Mr. 
Davis.
    I was the author of a report that PPI released a few months 
ago called ``Digital Government, The Next Step to Reengineering 
the Federal Government.'' In that report we concluded that the 
single most important thing the Federal Government could do to 
foster the speedy transition to a digital Federal Government 
would be for Congress to create the position of a Federal CIO. 
Therefore, I strongly support the committee's efforts to do 
this as embodied in H.R. 4670 and 5024.
    Mr. McClure mentioned in his testimony that when Clinger-
Cohen was passed in 1995, that there was a debate whether we 
should create a Federal CIO at that time, and the decision was 
no. That may have been a reasonable decision at that time. I'm 
not sure. I wasn't involved in it then. But it's not now, and 
the reason for that is there's a saying in the Internet 
community that the Web changes everything. And I think the Web 
does change everything in government. And now for the first 
time--we could not just talk about the notion of functionally 
oriented government and moving beyond the stovepipes that Mr. 
Flyzik talked about, but we can do it now for the first time.
    We have the technology that lets us think about creating 
customer-oriented government. To do that, though, we need a 
management system that moves beyond just single agencies, 
thinking about an IT research from an agency's perspective. And 
I would argue we need to think about it on two levels. One, as 
I mentioned, is a functional-based, not agency-based, 
government. And there are a host of applications that one can 
imagine. One place for people who are engaged in exporting and 
importing. In fact, there's a program I will mention, the 
International Trade Data system. One place for companies to 
come and find out all the regulations that they have to deal 
with. One place to find out about education and training 
resources. One place to find out about health. All of these 
things can be done on a functional basis.
    Second, we need to think about an enterprisewide 
information architecture. There are a whole host of issues with 
regard to issues of data sharing, data collection, new types of 
interactive tools, expert systems, information on request 
systems, data base systems, and other wide-ranging issues which 
you've mentioned, security, privacy, digital signatures. All of 
those issues are essentially best handled on an enterprisewide, 
Federalwide level.
    Well, I think you've heard some arguments as to why the 
existing organizational and management system can do this. I 
would argue that the existing organizational system is really a 
function of the old legacy system, the old agency-by-agency 
system, and it isn't suited to doing what we need today. 
Obviously the proof is in the pudding.
    Let me mention two things. I don't really see a Federal 
digital government conversion plan right now. I don't think 
there is one. I haven't seen it. I think we need to have one to 
manage the overall resources.
    Second, let me mention one example of, to me, a very strong 
effort to do digital government on a functional basis, the 
International Trade Data system. ITDS was a great idea. It was 
developed--to take 104 different Federal agencies' programs or 
bureaus and streamline the collection and reporting of trade 
data. That system is essentially still in the water. It's not 
moving anywhere, and Customs has really taken over the charge 
and is planning to build a proprietary system. And we don't 
need a proprietary system. What we need is a functional system.
    And I would argue that if we had a CIO, the CIO's 
leadership would have been critical in making the ITDS system 
come about.
    There's another criticism that the CIO would add a layer of 
bureaucracy and delay, and that we don't need it because we 
already have that management system. I think it's interesting, 
we have 20 States now, or more than 20 States, that have 
cabinet-level CIOs that report directly to the Governor. In 
each of those 20 States, they also have their respective OMBs. 
They have Departments of Administration. They haven't 
eliminated those Departments of Administration. But what those 
Governors in the 20 States have realized is that digital 
government is so important to the functioning, to the mission 
of the Governor, of their administration that they need to 
create somebody whose mission it is to solely do that.
    And I think, Mr. Chairman, you've made that point, that 
it's not really a question of OMB falling down on the job. It's 
just that it's not their core mission. We need some 
institutions where that is the core mission.
    Last, there is a notion, well, maybe we don't need this 
because we can do this as single projects. And, again, the 
notion of Mr. Koskinen and the Y2K czar--and I'll quote Ms. 
Katzen saying that what was key about Mr. Koskinen was that 
``focused attention, captured imagination, and worked with 
State and local governments and the private sector.''
    To me, that's what we need to be doing every day. It's not 
just a Y2K problem. It's a security issue. It's a privacy 
issue. It's reinventing our Federal Government. We need 
somebody who does that as their mission on a daily basis.
    Let me close by saying this really isn't something that--I 
think you heard from Mr. Doll that States are doing this. The 
private sector is doing this. The old model in the private 
sector was that the person in charge of information technology 
was down in the bowels of the company buying computers and 
servicing them and that sort of thing.
    The new model is that companies are creating CIOs that 
report directly to the CEO and are partners with the CEO. Let 
me quote Cisco CEO John Chambers. He recently stated, ``the 
role of the top information executive has been elevated to that 
of a strategic partner with the CEO and the CFO.'' Corporations 
are doing that for a reason because they realize that without 
transforming their own companies into digital companies, 
they're going to be left behind in the marketplace. I would 
argue it's time we need to do that for the Federal Government.
    Thank you very much.
    Mr. Horn. Well, thank you.
    How long is that report that you mentioned?
    Mr. Atkinson. The report that we issued, very readable, is 
about 13, 14 pages.
    Mr. Horn. OK. I would like to put it in the record at this 
point if I might.
    Mr. Atkinson. I will submit it.
    Mr. Horn. Thank you very much.
    [The information referred to follows:]

    [GRAPHIC] [TIFF OMITTED] T4562.152
    
    [GRAPHIC] [TIFF OMITTED] T4562.153
    
    [GRAPHIC] [TIFF OMITTED] T4562.154
    
    [GRAPHIC] [TIFF OMITTED] T4562.155
    
    [GRAPHIC] [TIFF OMITTED] T4562.156
    
    [GRAPHIC] [TIFF OMITTED] T4562.157
    
    [GRAPHIC] [TIFF OMITTED] T4562.158
    
    [GRAPHIC] [TIFF OMITTED] T4562.159
    
    [GRAPHIC] [TIFF OMITTED] T4562.160
    
    [GRAPHIC] [TIFF OMITTED] T4562.161
    
    [GRAPHIC] [TIFF OMITTED] T4562.162
    
    [GRAPHIC] [TIFF OMITTED] T4562.163
    
    [GRAPHIC] [TIFF OMITTED] T4562.164
    
    [GRAPHIC] [TIFF OMITTED] T4562.165
    
    [GRAPHIC] [TIFF OMITTED] T4562.166
    
    [GRAPHIC] [TIFF OMITTED] T4562.167
    
    [GRAPHIC] [TIFF OMITTED] T4562.168
    
    [GRAPHIC] [TIFF OMITTED] T4562.169
    
    [GRAPHIC] [TIFF OMITTED] T4562.170
    
    [GRAPHIC] [TIFF OMITTED] T4562.171
    
    [GRAPHIC] [TIFF OMITTED] T4562.172
    
    [GRAPHIC] [TIFF OMITTED] T4562.173
    
    [GRAPHIC] [TIFF OMITTED] T4562.174
    
    [GRAPHIC] [TIFF OMITTED] T4562.175
    
    [GRAPHIC] [TIFF OMITTED] T4562.176
    
    [GRAPHIC] [TIFF OMITTED] T4562.177
    
    [GRAPHIC] [TIFF OMITTED] T4562.178
    
    Mr. Horn. When I was a university president, I had a CIO in 
1971, and I began to wonder what's the fuss, folks, we did that 
20, 30 years ago on every single decision before the 
university. He sat right at the management group. And it's 
about time that we got some focus on that in the executive 
branch.
    Now, our next presenter comes with great credentials that 
we all respect: William Scherlis, principal research scientist, 
School of Computer Science at Carnegie Mellon University. And 
Carnegie Mellon has done a marvelous job in working on just the 
issues that we're concerned about, so we're delighted to have 
you here.

STATEMENT OF WILLIAM L. SCHERLIS, PRINCIPAL RESEARCH SCIENTIST, 
     SCHOOL OF COMPUTER SCIENCE, CARNEGIE MELLON UNIVERSITY

    Mr. Scherlis. Thank you, Mr. Chairman.
    Mr. Chairman, Mr. Turner, Mr. Davis, thank you for the 
opportunity to appear today on this issue of the definition and 
role of the Federal CIO. My focus in this testimony is on 
innovation in government information technology. I am 
emphasizing innovation because I believe that we will not be 
able to realize the vision of government online, unless there 
is a new kind of leadership. Nor will we successfully address 
our security challenges.
    In particular I support the creation of a Federal CIO 
within the Executive Office of the President who can exercise 
positive leadership with respect to multiagency efforts, new 
kinds of customer-focused services, innovative acquisition 
processes and appropriate technological and architectural 
innovation.
    I'm going to make quick comments on each of these areas, 
but first the bottom line, which is that the Federal CIO must 
be empowered to provide this positive leadership. The 
empowerment should come from direct access to funds, agency 
funds which are used by the Federal CIO to leverage in order to 
buy down risk for innovative projects, for multiagency 
projects, and for exploratory projects. The process would be 
led by the Federal CIO, but administered and managed in 
individual agencies by agency CIOs. This would enable the 
Office of the Federal CIO to be a lightweight operation within 
the EOP along the lines envisioned in both of the proposed 
bills, H.R. 4670 and H.R. 5024.
    Why do we need this positive leadership? We need it in 
order to respond to several challenges. The first is customer-
targeted services and multiagency efforts. Starting and 
managing a small business, for example, requires an 
entrepreneur to interact with multiple agencies--in the present 
regime--and to develop a deep knowledge of the roles and 
structure of those agencies involved. It would be much more 
effective to offer one-stop shopping, and this is now being 
done in many States. The State of Washington, for example, has 
a superb Web site. This kind of one-stop shopping is also 
offered through emerging Federal sites, such as seniors.gov, 
students.gov, fedstats.gov and many others.
    These sites illustrate the value of real customer focus, 
but they also demonstrate, in the way that they are managed the 
challenges of real cross-agency interaction. An important role 
for a Federal CIO will be to lead in defining these areas of 
customer focus and in forging partnerships among agencies to 
enable better targeting of services. These are aggregations of 
services that go beyond a simple bundling of the stovepipes 
that we've been talking about.
    The second challenge is the rapid evolution of technology. 
Moore's law shows no signs of being repealed. Software is 
becoming the principal building material for competitive 
advantage in many sectors, ranging from health care to banking 
and other sectors.
    As you know, the Federal Government has a principal role in 
long-term innovation in information technology starting as 
early as the 1890 census with Hollerith's punched cards. I am 
presently chairing a National Research Council committee that 
is looking at advanced information technology in government. 
We've issued two reports on crisis management and Federal 
statistics identifying a number of long term technical 
challenges. We are completing a final report that is more 
broadly focused and that addresses some of the issues that we 
are considering today.
    Mission agencies with organic research capability have 
developed a culture of IT innovation to help ensure that their 
special needs are addressed over the long term and also that 
they can respond rapidly to new challenges, for example, in the 
security area. A Federal CIO could help create this culture of 
innovation throughout the government.
    A third challenge is the overall mechanism by which we 
undertake and manage IT acquisitions. Consider the case of a 
major Internet portal--commercial or governmental: Requirements 
are unlikely to be fully clear at the outset. The underlying 
technologies are evolving rapidly. And the capability, once we 
deliver it, will need to continue evolving rapidly. The 
security environment, for example, is complex and continually 
changing.
    Although I am not an expert in acquisition processes and 
regulations, it is clear that the present mechanisms and 
culture remain oriented around what is called the waterfall 
model. This model is not well-adapted to experimentation or 
prototyping or other forms of focused, careful risk-taking. 
Program managers often seem to resist the use of more 
aggressive acquisition models including those already available 
in the Clinger-Cohen Act; for example, modular acquisition and 
the use of commercial off-the-shelf components. Why? Because 
they have strong incentives to meet schedules and costs--to 
make these as predictable as possible and risk at a minimum--
even when it comes at a cost of overall capability, 
flexibility, interoperability, and other less easily measured 
attributes.
    The Federal CIO should have a major role in helping agency 
CIOs structure incentives--and regulations where appropriate--
to facilitate risk-managed acquisition processes.
    My written testimony addresses several other areas where 
this Federal CIO could provide this positive leadership.
    I would like to conclude by saying that I support the 
concept of a Federal CIO who can provide this positive 
leadership and who can catalyze effective--and pervasive--
government response to both the challenges and the 
opportunities of delivering government online. Thank you very 
much.
    Mr. Horn. Thank you very much.
    We appreciate--I would like to have a definition before we 
leave you of the waterfall concept. Is that when you put 
somebody in the barrel, and they go over Niagara Falls? Just so 
we can get bureaucracy cleared up today because we will have 
two asterisks that I've gained. So I do not regard this as 
something I have cared not to do. I am very interested in doing 
it, and you have all been memorable. So it will be the Scherlis 
law and the Flyzik law.
    Tell me about the waterfall.
    Mr. Scherlis. The waterfall model is a term that refers to 
a traditional step-by-step acquisition model. First a process 
is undertaken to initially formulate a precise definition of 
the system requirements. This is a process that sometimes can 
take years. After this is complete, then contracts are let and 
development processes are undertaken, followed by test and 
evaluation and ultimately delivery. But by the time the 
capability is delivered, the world has evolved and the 
requirements have changed, even assuming they were correctly 
identified at the outset.
    That's the waterfall model. It is a model that works well 
only for classes of systems that we have already developed 
successfully. It does not work well for systems that have even 
mildly innovative character.
    Mr. Horn. Having spent part of my life for 22 years at one 
university, I now think that even the Federal Government looks 
efficient. But I think you would agree on that. Things take a 
lot longer in the university. OK.
    Our last presenter and one individual who is very well 
known to this committee, and we appreciate all he's done for 
this subcommittee over the last 5 to 6 years, Dwight Ink is 
President Emeritus of the Institute of Public Administration. 
He was a former Assistant Director for Executive Management in 
the Office of Management and Budget from 1969 to 1973. A highly 
respected civil servant, he was taken by various Presidents to 
clean up this agency and that agency and another one.
    So we welcome your thoughts, Mr. Ink. You've got--I will 
give you 6 minutes.

   STATEMENT OF DWIGHT INK, PRESIDENT EMERITUS, INSTITUTE OF 
PUBLIC ADMINISTRATION, FORMER ASSISTANT DIRECTOR FOR EXECUTIVE 
    MANAGEMENT, OFFICE OF MANAGEMENT AND BUDGET (1969-1973)

    Mr. Ink. Thank you, Mr. Chairman, Mr. Turner and Mr. Davis. 
It's a pleasure to be here. By the way, I didn't think the 
waterfall approach ever worked very well.
    In summary, I believe the sponsors of these bills are 
correct in searching for ways in which to strengthen the 
information technology leadership capacity of our government. I 
do not believe these bills, however, provide the best way of 
achieving those goals, and, in fact, I think they may weaken 
what the sponsors are trying to accomplish. I would also urge 
that the committee look at this issue as well as others from 
the total Presidential perspective and the total congressional 
perspective rather than just IT. Otherwise I think we 
contribute to further growth of a stovepipe approach to 
government.
    First, as was said at the beginning of these hearings, IT 
certainly should be regarded as an integral part of the agency 
administrative and program activities. It is really the glue 
that connects everything else people do in government. So one 
of our goals, it seems to me, should be to search for ways to 
better integrate information technology with other management 
and program activities.
    I believe establishing a Federal Chief Information Officer 
that is freestanding and separate from other elements of 
management leadership will work against the need for 
integration.
    I also have some questions about the feasibility of some of 
the separation that is contemplated. For example, there are 
several paperwork reduction functions that are transferred out 
of OMB to this new office, and yet the basic tools for dealing 
with red-tape-cutting remain in OMB. So if these bills are 
passed, the leadership for cutting red tape is divided between 
two agencies, and I think that tends to result in nibbling at 
problems rather than reforming government processes.
    I think that fragmenting central management 
responsibilities inevitably creates unnecessary burdens for the 
agencies. Again, this is part of your stovepipe problem that 
was mentioned earlier.
    I believe this separation not only weakens IT over the long 
haul, it weakens other management functions. In my view, the 
more we establish organizational barriers among different 
fields of management, the less one area will benefit from the 
other, the less synergistic value we gain, and the more we 
handicap the President and the agencies in modernizing 
government.
    I would also ask the question if it should be regarded as 
necessary to have a freestanding IT unit in the Executive 
Office of the President, should we not do the same with respect 
to financial management, an extremely important area? What 
about procurement? What about program management? Everyone 
wants to be independent and report to the President, but in my 
view, this is the road to confusion, higher cost, managerial 
chaos and, again, stovepipe government.
    I do not see the freestanding IT office as having the 
capacity to provide the strong leadership that I know Mr. 
Davis, and Mr. Turner are seeking. People tend to assume that 
any office that reports directly to the President, especially 
if they are within the Executive Office of the President, has 
muscle, but this is simply not true. I know. I've been there.
    In fact, it is difficult for any organization to gain 
sustained attention on management issues because there are so 
many competing pressures within the Executive Office of the 
President. The OMB uses the leverage of the budget to help on 
issues directly related to the budget, but other management 
issues have great difficulty in competing with the budget 
pressures in OMB. A freestanding IT would have not even the 
budget leverage.
    In discussions about a separate Office of Management which 
have taken place in this committee, we've listed a series of 
elements of that office which we believe are absolutely 
necessary to provide the leverage needed to provide effective 
leadership on behalf of the President. I don't see any of those 
levers present in this separate IT. Without these levers, an 
Office of Management, I think, would not be wise, strongly as I 
support the concept. I believe a more narrowly based, 
freestanding IT would be even more impotent. Even with a 
structure separating these two, there would have to be some 
relationship to OMB. But who would coordinate IT and OMB? I 
mentioned other problems in my testimony.
    Although I do not support a freestanding IT, I do agree 
with the sponsors that it is desirable and, very important to 
take steps to enhance the IT leadership structure. This is one 
of the reasons I support the Office of Management which has 
been under consideration by this committee. The OMB leadership 
is hard pressed by complex annual budget and economic issues, 
and its leadership simply does not have the time to provide the 
focus and the energy that IT leadership requires in this day 
and age. An Office of Management would provide this leadership 
focus. It would provide the integration, and avoid the 
fragmentation of an isolated IT office.
    In summary, I believe an Office of Management, given the 
necessary leverage, would be a much better solution to what I 
agree is a need for greater IT leadership capacity. It would 
have the leverage and avoid isolating IT from other components 
of management leadership. Though I think these bills would have 
unfortunate unintended consequences that would run counter to 
the intent of the sponsors, I do agree with the sponsors on the 
need for change. I just think there's a better way to achieve 
their objective. Thank you.
    Mr. Horn. Thank you very much.
    [The prepared statement of Mr. Ink follows:]

    [GRAPHIC] [TIFF OMITTED] T4562.179
    
    [GRAPHIC] [TIFF OMITTED] T4562.180
    
    [GRAPHIC] [TIFF OMITTED] T4562.181
    
    [GRAPHIC] [TIFF OMITTED] T4562.182
    
    [GRAPHIC] [TIFF OMITTED] T4562.183
    
    Mr. Horn. That's very helpful testimony, and I can tell 
you've--given the preciseness within your paper, that you've 
spent a lot of your life on trying to get to the essence of a 
problem. So we're grateful that you've come from various States 
where you're now living and giving us some wisdom. So we thank 
you.
    We now have the questioning. The gentleman from Texas Mr. 
Turner, 5 minutes for questioning, and then Mr. Davis.
    Mr. Turner. Thank you, Mr. Chairman.
    We appreciate the testimony that each of you has given us, 
and I think it is apparent to us that every witness on the 
panel, perhaps with the exception of Ms. Katzen and Mr. Ink, 
have advocated a Federal CIO. We all respect that there is a 
clear issue we must correctly address as to how it should be 
structured.
    That is not to say that we should not address it within the 
context of the remarks Mr. Ink made. And I know Mr. Ink has 
been an advocate of separating the Office of Management and 
Budget into two entities with a Director of the Budget and a 
Director of Management, but it does seem that at least as we 
look to the private sector, the private sector has recognized 
the importance of having a chief CIO who works with the CEO and 
the CFO.
    I might ask, Mr. Scherlis, if you wouldn't mind commenting 
on the CIO in the context of the remarks Mr. Ink made as to 
where you think the structure should be in order to perhaps 
accommodate the kind of concerns that we just heard expressed 
from Mr. Ink, who definitely has a vast experience in the 
Federal Government.
    Mr. Scherlis. I enjoyed and appreciate his remarks, but I 
am unfortunately not familiar with the recommendations that 
were voiced here earlier concerning the concept of a separate 
Office of Management. But pertinent to the issue is the recent 
report released by the President's IT Advisory Committee on 
August 31 concerning transforming the government through 
information technology. It recommends creation of a new office 
within OMB called the Office for Electronic Government [OEG], 
with strong senior leadership. Although the concept of the 
Federal CIO is not explicit, the recommendations that we're 
talking about today are consistent with the recommendations of 
that report.
    The reason for separating the OEG from the OIRA within OMB 
is to create a focus of positive leadership that is separate 
from regulation and policy. There are many roles that are now 
being bundled together in one organization, and some separation 
of those roles is appropriate.
    On the basis of comments of Mr. Ink today, I believe that 
the recommendations that I've voiced are consistent with his 
comments.
    Mr. Turner. Mr. Atkinson, do you have an observation here?
    Mr. Atkinson. Yes, The major point I would want to stress 
after listening to Mr. Ink's comments is that information 
technology is fundamentally different. This is to me the 
central mission, the central challenge facing the Federal 
Government today, and it will be the central challenge for this 
decade, just as when we made this last major transformation 
from an old economy to a new economy back in the 1930's and 
1940's, and we created all new management structures in the 
Federal Government. I think this is just as equally a major 
transformation. This is about creating a fundamentally new 
economy, a digital economy, and it's creating a fundamentally 
new type of government.
    And I don't think that the existing structure of OMB or 
even in the Office of Management is suited to do that because 
the key to all of this is digital reinvention, and I think the 
core of that has got to be someone who is a CIO, who has that 
as their sole mission.
    The second point would be I think Mr. Ink mentioned we need 
to think beyond IT. I couldn't agree more. We need think beyond 
IT. That's why I think the CIO--if the CIO is just a glorified 
computer systems manager, then we won't think beyond IT. But if 
you think where the States are, most of the States' CIOs, when 
you listen to what they have to say, they're the ones that are 
arguing--all their language is about cross-cutting 
applications, breaking down barriers between bureaucracies and 
agencies who don't want to do that. And I think that's why the 
CIO is central to making all this happen.
    Mr. Turner. Mr. Rummell, I would like to hear your comments 
on it. I heard you say at the beginning of your testimony 
you've been working in the IT field for 30 years. One of the 
things I see lacking today in OMB is anyone with the 
background, the experience, the expertise to really move us 
forward aggressively in IT, but perhaps you would have some 
comments to share on the subject?
    Mr. Rummell. First of all, when I started with the Federal 
Government of Canada, I went on a whistle-stop tour of the 
departments and talked to the heads of the departments and 
agencies and the heads of the technology function of the 
departments. And I asked them what they were looking for from 
me as the new CIO for the government, and they said to me, 
leadership. And that surprised me, being in the land of 
leaders, because I suspected that all these people were leaders 
by themselves, but they really were looking for my leadership.
    They also were looking for us to provide the strategic 
direction; that was an overall context to take it from a 
50,000-foot elevation right down to ground level, and provide 
direction with large projects that were in trouble, to provide 
for e-government initiatives to coordinate and deliver 
services, and from the things that we put into place, we made a 
lot of progress. There was a lot of frustration. We really 
provided focus, and I think we provided a very solid 
operational plan, and I think that's what I was able to 
accomplish is that focal point.
    Mr. Turner. Thank you.
    Mr. McClure, when you look at the existing structure of 
OMB, is there anyone there who by education or background is 
uniquely qualified to fill this role today or--and I guess I 
might ask you is there anyone over there who has that as their 
sole responsibility?
    Mr. McClure. No. I think that highlights the concerns that 
I raised in my testimony, Mr. Turner. The Deputy Director for 
Management created by the CFO Act wears many, many hats, both 
the Chief Financial Officer, general management functions, 
statistical policy, procurement. The list is quite long in 
terms of overall management responsibilities of the Deputy 
Director for Management.
    Similarly in OIRA, the OIRA Administrator is really focused 
heavily in terms of resources on information collection 
requests, on burden reduction reviews and on calculating the 
cost and benefits from Federal regulations. So a lot of the 
staff in OIRA are focussed on these issues as opposed to the 
IRM or IT issues. So as a result we don't have someone in OMB 
full time focused, I would argue, on some of these important IT 
issues.
    Mr. Turner. Thank you.
    Thank you, Mr. Chairman.
    Mr. Horn. The gentleman from Virginia Mr. Davis.
    Mr. Davis. Thank you. I also want to extend my thanks to 
all the panelists.
    Mr. McClure, let me go back and ask you a question that I 
asked Ms. Katzen earlier. I asked if she could describe the 
leadership role that OMB has displayed in the past in 
defining--in managing interagency items. I am not just speaking 
of money items, but managing IT resources. How do you think OMB 
has kept track of those initiatives so that responsive 
decisions could be made when projects aren't working and should 
be halted or when a new direction should be taken?
    Mr. McClure. Mr. Davis, I think since the passage of 
Clinger-Cohen, to its credit OMB has certainly stepped up to 
the plate with some specific guidance, better guidance in many 
areas, for the agencies, in architecture, investment control, 
capital planning. We've worked actually with OMB in revising 
some of the guidance. I think the question for OMB is how to 
use the information that results from that new guidance to make 
really tough decisions about stopping, delaying, canceling or 
even accelerating good Federal IT programs, and that, I think, 
is where the jury is out.
    The fortitude of OMB to be able to step up to the plate and 
stop projects has not always been clearly demonstrated, in our 
opinion.
    Mr. Davis. Mr. Flyzik, let me ask you a question. Can you 
give me any recommendations that have been made by the CIO 
Council that have been implemented by OMB?
    Mr. Flyzik. What OMB has been doing with us, sir, is 
working to facilitate our recommendations. We do have a whole 
list of things that we have moved on, and moved quite quickly 
on. We have a whole lineup of interagency activities. The 
FirstGov project comes to mind; our public key infrastructure 
in the bridge certificate authority that enables digital 
signatures to really happen; the Access America series, Access 
America for seniors and students. We have a number of wireless 
initiatives. We have the Federal Commons Project, the 
Enterprise Project. They are supporting us on the concept of 
ITPS, or the information technology portfolio system, which 
will give us a common platform for building IT portfolios 
across government.
    The OMB role has evolved to one that I think has been 
working well. In the beginning, I guess, the Council went 
through kind of a bonding process, trying to figure out who we 
are and what we're going to do. I think we've moved over time 
into more of a leadership role where OMB is giving us support 
to move forward on projects and is listening and working with 
us.
    Mr. Davis. So as far as information resources management 
goes, you think that OMB is handling this, this statutory 
authority, is handling it well?
    Mr. Flyzik. I think it's evolving well under the guise of 
Clinger-Cohen. I do believe we're moving in a very, very 
positive direction. OMB is supporting us.
    As you're well aware, the Council does not have authority 
to issue policy. OMB does. What we do is we've been working 
with OMB in situations where we need policy guidance.
    Mr. Davis. Right. But can you give me a specific 
recommendation that you've made to them?
    Mr. Flyzik. We have Internet use policy. We're working on 
privacy policy now. We have a dialog ongoing on our Internet 
privacy issues and a number of things along those lines.
    Mr. Davis. Mr. McClure, do you have any observations on 
that?
    Mr. McClure. I think, as I said earlier, I agree with Mr. 
Flyzik that the role of OMB has changed under the recent 
passage of laws. They had tremendous responsibilities for not 
only issuing guidance, but also oversight responsibilities for 
major IT projects in the Federal Government. So, again, I 
return to the point, OMB should not be totally focused on 
justification for projects in the Federal budget. It also 
should play a role in stepping up and helping control projects 
that are out of line in terms of cost, schedule and 
performance.
    And in that area, again, I think that the track record is 
not what we would like to see it to be.
    Mr. Davis. Mr. Doll, let me ask you a question: In States 
where the CIO has multiple bosses, reports to one or more 
cabinet secretaries, what's their experience in achieving an 
integrated and coordinated information resources management 
policy?
    Mr. Doll. Where States' CIOs deal with multiple entities to 
get the job done, because of the typically high level, whether 
it's to the Governor's staff in addition to some council, or 
other entity that controls, again, it's a statewide 
implementation and application of technology across the State. 
And I think that's truly what the key is, because unless 
they're inserted at a level in the organization that's looking 
at IT as an entity in a field that helps make vision reality, 
then that's where they can have impact.
    Most States have put IT up there with human resources, 
financial management, administration, services that are used to 
make the vision of a Governor happen. And whether that is put 
through some committee or some special commission that a 
Governor has established or to the Governor directly, it's 
really that orientation of saying that to make the vision of 
education, whether that may be in a State or make the vision of 
economic development happen, that what you're trying to do is 
align this information technology world to see that as a 
reality.
    Mr. Davis. Mr. Atkinson, let me ask you a question: You 
make a strong case for the need for a strong centralized leader 
to achieve a digital Federal Government. What, in your opinion, 
are the flaws in current structure placing IRM responsibilities 
with OMB? Ms. Katzen seems to conclude that instead of a 
Federal CIO, OMB should have a strengthened role. How do you 
respond to that?
    Mr. Atkinson. Well, I think a major reason I would say 
that, is that I don't think that would achieve what you all are 
wanting to achieve and others are wanting to achieve. OMB is 
responsible, as Mr. McClure mentioned, for so many other 
things. And I don't think it would give the leadership that, 
for example, Ms. Katzen provided on the Y2K issue where it is 
much broader than that. Let me just mention another example. A 
lot of what I think digital government is about frankly is the 
details. And let me just mention one--Students.Gov--which is a 
portal for students. It's a very good effort, it's a great 
effort, and the people who developed it should be commended. 
The problem is with Students.Gov, though, it's what other 
agencies are doing. For example, in the Department of 
Education, they have their own Web site designed around 
students. On Students.Gov, you can apply for a student loan 
online. On the Department of Education Web site, you can't 
apply for a student loan online. There's no link back to 
Students.Gov.
    I can give you many more examples like that. What I think 
they're a reflection of is agencies doing their own thing. Even 
when they can get together with a portal like Students.Gov, you 
still have agencies doing their own thing. That's why it 
requires centralized leadership--will drill down into that 
level of detail to make it a much more coordinated system.
    Mr. Davis. Thank you very much. Mr. Chairman, I yield back 
and thank the panel for their indulgence.
    Mr. Horn. I thank the gentleman. And I don't believe the 
gentleman from Texas has any more questions. I have just one or 
two. And Mr. McClure, I don't want to put you on the hot seat, 
but the question is this: Of the two bills being considered, 
which one is closest to what you would consider to be a Federal 
chief information officer's role, responsibilities and 
empowerment as far as GAO feels is their recommendation?
    Mr. McClure. The seat is very hot, Mr. Chairman. Especially 
with both members present.
    Mr. Horn. I don't know how it's going to come out either, 
but I thought we'd like your views on it. But you did a great 
report there.
    Mr. Davis. We're not taking names.
    Mr. McClure. I just want to reiterate that both of them 
have positive characteristics. There's no reason why things 
that are in both bills could not ultimately be combined or 
considered together. I think the real question is whether this 
position is inside or outside of OMB. That seems to be the 
drawing distinction. There are clear advantages for having the 
CIO outside of OMB and contained within the executive branch. 
Because of many of the reasons that we went over today, it 
avoids the problem of multi-hatted responsibilities within the 
Office of Management and Budget.
    Having said that, it also creates, as many people have 
said, tremendous risk in that you're removing that budget lever 
from the chief information officer. I don't think that's 
necessarily true and it's certainly not true in private sector 
and public sector CIOs who do not have budget control either. 
They simply have to come to the table and work with those 
individuals that have budget control and the two combined can 
pull that lever.
    And I think that's the attraction that these bills have is 
they free up time for somebody to focus full time on such 
issues like electronic government and security at a time 
desperately where we need that kind of attention. It also 
allows them to sit at the table with the Director of OMB and 
have some very frank input on some budget directions and budget 
control.
    So I think, again, I've avoided answering directly, but I 
think that's the positives that I see in both bills.
    Mr. Horn. Mr. Doll, if I might, let me try this question 
out on you, and you probably don't have the answer, but maybe 
you do. A number of Governors change every once in a while 
based on the election. Have you found that the chief 
information officer of a State is carried on by another 
Governor, or do they have to sort of be partisan in relation to 
the Governor? What's your sort of off-the-top-of-the-head view 
of that.
    Mr. Doll. Well, to give you a scope, we've lost 16 CIOs 
this calendar year for one reason or another. Most going to the 
private sector. A number of those tied to the fact that this is 
the last year of the Governor's term. So we expect in the 
future that you will get this turn over. I think it's critical 
that the CIO be aligned to the Governor so that his or her 
vision can be carried out. And not someone who as you 
mentioned, will be able to sort of pass from administration to 
administration. Yes there is value in that, but the rest of the 
civil service below that level is typically there year after 
year, term after term. The key part to us at least in talking 
with my colleagues is making vision reality and applying 
information technology to that. And you have to be close and 
have the same orientation as that Governor to be successful in 
my mind.
    Mr. Horn. Mr. Rummell, I really have the same question in 
relation to the Canadian Government. When there were turnovers, 
did the CIOs in the agencies change or what?
    Mr. Rummell. There have been changes, again we've kept the 
same government so there haven't been political changes. There 
certainly have been no new CIOs appointed or rotated based upon 
the changes in the heads of agencies. I guess one of the other 
things that we had too, if I could make another comment, that 
was a terrific feature started in our government was agency 
heads would meet at a committee on information technology 
issues. They took a role of very active sponsorship and met at 
least once a month for 1 to 2 hours, and discussed cross-
cutting IT initiatives across the agencies and departments and 
the Canadian Government, and that really raised the level of 
sponsorship for the CIOs and for initiatives that were 
providing overall services to the public. So that's where I 
think we were also able to make a difference. Thank you.
    Mr. Horn. Well, thank you. I want to thank this panel.
    Mr. Ink. Mr. Chairman, could I make one rebuttal comment?
    Mr. Horn. OK.
    Mr. Ink. I think the States provide excellent ideas, 
excellent examples in many areas of governmental activity. You 
look at welfare reform, for example, they were well ahead of 
the Federal Government. And I think in terms of information 
technology, as it relates to the delivery services, States have 
a lot to offer. But I wanted to tell you there is a tremendous 
difference between operations within a Governor's office and 
that within the President's office. The leap in terms of 
pressures and the difficulty of having a workable base which 
will provide the strength for leadership is entirely different. 
Look at the West Wing program. I was thinking yesterday about 
the daily meetings I used to participate in with the top White 
House staff. Had I had responsibilities for only information 
technology or only procurement or only financial management, I 
wouldn't have been there, much less have had a voice at the 
table. Separate IT isolated from these other responsibilities 
will not have a voice at the table. Much as people might wish 
it otherwise, I think that's the fact of life, that's the way 
the President's office functions.
    Mr. Horn. Well, we thank you for that. We thank you also 
for coming on less than 24 hours' notice. And----
    Mr. Ink. Much less.
    Mr. Horn. Much less. I think all of your testimony has been 
very helpful and I'm grateful to you. I think some of the 
charts all of you provided was also very helpful. Staff on both 
sides might wish to have some questions sent out to you, and if 
you would take some time and give us a couple of answers, we'd 
like to put them at this point in the records if there's some 
we've missed or there's something you'd like to get on the 
record.
    But right now I'm going to thank our staff who put all this 
together: J. Russell George, staff director, chief council of 
the subcommittee; gentleman to my left, your right is Randy 
Kaplan, council to the committee, and he's worked on this 
particular hearing; and yesterday Ben Ritt, professional staff 
member on loan to us from the General Accounting Office, which 
always has good people and we're glad to use them; Bonnie 
Heald, director of communications; Bryan Sisk, clerk; Elizabeth 
Seong, staff assistant; George Fraser, intern; and from Mr. 
Turner's staff, Trey Henderson counsel, he's on his right; and 
Jean Gosa, minority clerk. And Mr. Davis' staff, Amy Heerink, 
we know how good she is on a lot of these things, and Melissa 
Wojciak. Then our court reporters are Julie Thomas and Colleen 
Lynch, and we thank you very much. And we adjourn the meeting.
    [Whereupon, at 12:16 p.m., the subcommittee was adjourned.]