[House Hearing, 111 Congress]
[From the U.S. Government Publishing Office]


 
               LIBRARY OF CONGRESS IT STRATEGIC PLANNING

=======================================================================

                                HEARING

                               before the

                           COMMITTEE ON HOUSE
                             ADMINISTRATION
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED ELEVENTH CONGRESS

                             FIRST SESSION

                               __________

                 HELD IN WASHINGTON, DC, APRIL 29, 2009

                               __________

      Printed for the use of the Committee on House Administration


                       Available on the Internet:
   http://www.gpoaccess.gov/congress/house/administration/index.html


                  U.S. GOVERNMENT PRINTING OFFICE
52-316                    WASHINGTON : 2009
-----------------------------------------------------------------------
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092104 Mail: Stop IDCC, Washington, DC 20402ï¿½090001

                   COMMITTEE ON HOUSE ADMINISTRATION

                ROBERT A. BRADY, Pennsylvania, Chairman
Zoe Lofgren, California              Daniel E. Lungren, California
  Vice-Chairwoman                      Ranking Minority Member
Michael E. Capuano, Massachusetts    Kevin McCarthy, California
Charles A. Gonzalez, Texas           Gregg Harper, Mississippi
Susan A. Davis, California
Artur Davis, Alabama
                 S. Elizabeth Birnbaum, Staff Director
               Victor Arnold-Bik, Minority Staff Director


               LIBRARY OF CONGRESS IT STRATEGIC PLANNING

                              ----------                              


                       WEDNESDAY, APRIL 29, 2009

                          House of Representatives,
                         Committee on House Administration,
                                                    Washington, DC.

    The committee met, pursuant to call, at 11:08 a.m., in Room 
1310, Longworth House Office Building, Hon. Robert A. Brady 
(chairman of the committee) presiding.
    Present: Representatives Brady, Lofgren, Gonzalez, Lungren, 
and Harper.
    Staff Present: Liz Birnbaum, Staff Director; Jamie Fleet, 
Deputy Staff Director; Khalil Abboud, Professional Staff; 
Michael Harrison, Professional Staff; Matt Pinkus, Professional 
Staff/Parliamentarian; Kyle Anderson, Press Director; Kristin 
McCowan, Chief Legislative Clerk; Victor Arnold-Bik, Minority 
Staff Director; Katie Ryan, Minority Professional Staff; and 
Karin Moore, Minority Legislative Counsel.
    The Chairman. I would like to call the Committee on House 
Administration to order.
    Good morning, everyone. We are convening here this morning 
to continue our oversight of the Library of Congress. Today we 
will focus on the Library of Congress management of information 
technology and strategic planning. As we continue to operate an 
increasingly digital world, we must learn to adapt to the 
environment around us. Information technology must consistently 
evolve, often at a remarkable pace.
    The Library of Congress faces particular challenges due to 
the large amount of information the Library stores and manages. 
Meeting these challenges is no small task. Ten years ago, the 
Library of Congress commissioned the National Research Council 
to study their IT strategic planning. In 2000, as a result of 
the study, the LC21 report provided many recommendations for 
the Library to make their IT systems more efficient. While the 
Library has implemented some of the LC21 recommendations, some 
areas still need to be addressed.
    The Library's inspector general recently released a report 
on IT strategic planning at the Library. While the inspector 
general's findings were generally favorable, he also found room 
for improvement. The Library's IT system must be coordinated 
with the strategic plan, as recommended in the LC21 report, and 
the Library's chief information officer must take 
responsibility for overseeing the Library's IT functions in 
addition to participating in broader program planning.
    With each day, information technology occupies a larger 
role in our work environment. Every year, the Library of 
Congress undertakes ambitious efforts to continue its mission 
of spreading knowledge. And while the ever-present tool of 
technology has allowed the Library to further this mission, we 
must ensure that the tool is used in the most efficient way. We 
look forward to the testimony from witnesses on these issues.
    I would now like to recognize Mr. Harper, in place of Mr. 
Lungren, for an opening statement.
    Mr. Harper. Thank you, Mr. Chairman.
    I would like to thank Chairman Brady for calling today's 
hearing.
    The Library of Congress is not only the world's largest 
library, charged with gathering and preserving an unsurpassed 
universal collection of documents, but also a global leader in 
digital initiatives to bring educational and historical 
resources to the fingertips of students and scholars around the 
globe.
    Since the National Research Council's 2000 report which 
assessed and outlined a digital strategy for the Library, we 
have seen the Library take major strides in technological 
advancement, including the migration from mainframe systems, 
standardization network infrastructure, the build-out of an 
alternate computing facility, and the establishment of 
international partnerships to develop digital collections.
    While such improvements have been made to the Library's IT 
infrastructure over the past decade, a recent review by A-Tech 
Systems on behalf of the Library's inspector general identified 
additional steps necessary to ensure that the Library has the 
technological and operational wherewithal to meet the ever-
growing digital demands of the 21st century.
    According to the review, the IT strategic plan is currently 
misaligned with the Library's overarching mission, rendering 
digitization efforts inconsistent without clear direction. With 
digital initiatives and programs so vital to the Library's core 
mission, Library IT operations need to migrate to a more 
cohesive, centralized design without paralyzing the autonomy of 
the Library's various programs. The A-Tech report also 
indicates that a more comprehensive IT strategy would reduce 
duplicative IT costs of overlapping support systems.
    Another area of concern highlighted by the review is the 
lack of IT security policies and enforcement. The valuable 
services provided by the Library's legislative information and 
research services are essential to the House's legislative 
business and are the window through which the American people 
view the actions of the Congress. Therefore, it is imperative 
that the Library's information security group has the policy 
tools and authority needed to ensure that systems integrity and 
security is maintained.
    Although the IG's recent review highlights some of the 
Library's IT weaknesses, I would like to reiterate how valued 
the Library's services are, both here in Washington and across 
the globe. The core mission of the Library hasn't changed, but 
to achieve its mission the Library must adapt to today's ever-
changing technological demands and challenges.
    There is no question that, under the direction of Dr. 
Billington, the Library has made progress in its technological 
evolution and has often been at the forefront of digital access 
to information in the Internet age. I think I speak for all of 
my colleagues here when I offer our support to ensure that the 
Library has the adequate infrastructure to meet its 21st-
century mission requirements.
    With that, I would like to thank each of our witnesses for 
joining us today to discuss the current and future state of the 
Library's technological infrastructure. And I look forward to 
your testimony.
    The Chairman. Thank you, Mr. Harper.
    I also am being monitored here today by a few people that, 
if not anything, I want to make sure that they get in the 
Congressional Record: my wife, Debra; my granddaughter, Serena; 
and my granddaughter, Alexandra.
    They don't believe that we do any work, and I tell them how 
hard we work, so they had to come down and see it for 
themselves.
    And I thank you for your interest, and I know I have to buy 
lunch and I have to buy dinner.
    So, with that, Ms. Lofgren, anything?
    Ms. Lofgren. I will reserve until after the testimony.
    The Chairman. Mr. Gonzalez.
    Mr. Gonzalez. Waive.
    The Chairman. Right now we welcome you, Ms. Laura Campbell, 
the chief information officer, Library of Congress; accompanied 
by Dr. James Billington, the Librarian of Congress; and Jo Ann 
Jenkins, chief operating officer, Library of Congress; and Karl 
Schornagel, the inspector general for the Library of Congress.
    And I guess we will start with Mr. Schornagel.

 STATEMENTS OF KARL SCHORNAGEL, INSPECTOR GENERAL, LIBRARY OF 
CONGRESS; DR. JAMES BILLINGTON, LIBRARIAN OF CONGRESS, LIBRARY 
 OF CONGRESS, ACCOMPANIED BY LAURA CAMPBELL, CHIEF INFORMATION 
    OFFICER, LIBRARY OF CONGRESS, AND JO ANN JENKINS, CHIEF 
             OPERATING OFFICER, LIBRARY OF CONGRESS

                  STATEMENT OF KARL SCHORNAGEL

    Mr. Schornagel. Chairman Brady, Mr. Lungren, and members of 
the committee, thank you for inviting me to speak today.
    Although the Library has made substantial strides in 
information technology in recent years, more work needs to be 
done.
    First, the Library's strategic planning process is not 
inclusive. Including staff at all levels of the formulation of 
a strategic plan and holding them accountable for results is a 
best practice and is shown to help execute the organization's 
mission.
    Further, although individual Library components are 
required to participate in the AP3 planning process, they are 
not required to prepare a strategic plan. We also found that 
the Library's IT strategic plan does not align well with the 
Library's overall strategic plan. While the IT plan focuses on 
service functions and technical support, the Library focuses on 
higher-level IT concepts. And there seems to be no direct 
linkage between the two plans.
    One of the consequences of unclear guidance in the IT 
strategic plan is divided Library components. This has created 
divergent paths for digitization strategies and projects. For 
example, while OSI concentrates more on digitizing materials 
for education, Library Services is trying to digitize more 
public domain material. Although these two avenues are 
certainly not mutually exclusive, they are not coordinated so 
as to maximize the Library's digitization dollars and result in 
fragmented digital offerings.
    Second, IT investments are not linked to the strategic 
plan, resulting in the duplication of efforts and acquisitions. 
There is no consistent cost-benefit analysis of alternatives, 
and it is difficult to track total IT costs.
    There needs to be a planning and investment process where 
spending decisions are aligned with mission goals. This process 
needs to be driven by the priorities derived from the strategic 
plan. Cost-benefit analyses are needed to determine whether to 
buy or build IT systems and to evaluate alternative 
technologies. As an example, an in-house system developed at 
significant cost for the Library's new audio-visual center had 
to be replaced shortly after implementation with an off-the-
shelf system because it did not meet the Library's needs. A 
well-developed planning process may have prevented this 
scenario.
    The lack of transparency in tracking IT costs has resulted 
in duplication of help desk support. For example, although the 
IT help desk is, or should be, the domain of ITS, there are, in 
fact, 131 additional employees sprinkled throughout the Library 
engaged in IT support, at an annual cost of over $12 million. 
Granted, some of these may be specialists in particular 
systems, but many also perform traditional help desk functions. 
There is no need to duplicate these infrastructures throughout 
the Library.
    Third, the organizational structure of ITS does not foster 
strategic planning and good IT governance, partly because, 
unlike most other organizations, the CIO at the Library 
combines both infrastructural support and major Library program 
functions. The CIO is ordinarily the head of the IT function 
and reports directly to the top. At the Library, the actual 
head of the IT function, the director of ITS, reports to the 
CIO, who then reports to the Librarian. As a consequence, the 
CIO is largely perceived as a CIO in name only due to her focus 
on the programmatic areas. The CIO has a track record of highly 
successful implementations, but organizational structure should 
be based on function and purpose, not on individuals.
    Also, the CIO is not endowed with the authority to make 
Library-wide decisions on IT governance. Other Library 
components make their own IT investment and acquisition 
decisions. The CIO has only limited authority to enforce 
Library-wide IT policy. A CIO cannot properly lead an IT 
organization without full authority for policy affecting IT 
issues, such as IT security and enterprise architecture.
    Fourth, the Library is just now developing an enterprise 
architecture, or EA, program. An EA framework provides a high-
level picture of as-is and future systems and business 
processes to provide a framework for making sound IT investment 
decisions. The Library is now embarking on an EA program but 
nonetheless lags significantly behind most organizations. 
Without an EA program, it is difficult for the Library to adopt 
a global view, thus continuing the current fragmented condition 
of IT investment decisions.
    And, finally, there are significant customer service 
problems, partially because the Library does not use quality-
assurance mechanisms, such as service-level agreements and 
performance metrics. Customers have created their own IT 
support organizations because their needs are not being met. 
Part of the problem is that ITS neither defines service 
expectations nor provides a yardstick for measuring quality. 
Customers work around ITS, and some good intentions are 
thwarted, such as the attempt to deploy network printer/copier/
scanners. After 5 years, the Library will have paid $5.7 
million for multifunction machines it uses only as basic 
copiers instead of making full use of their capabilities.
    The Library spends hundreds of millions of dollars on IT, 
and collectively we are confident that our recommendations will 
improve the economy, efficiency, and effectiveness of the 
Library's IT function.
    Thank you.
    [The statement of Mr. Schornagel follows:]

    [GRAPHIC] [TIFF OMITTED] T2316A.001
    
    [GRAPHIC] [TIFF OMITTED] T2316A.002
    
    [GRAPHIC] [TIFF OMITTED] T2316A.003
    
    [GRAPHIC] [TIFF OMITTED] T2316A.004
    
    [GRAPHIC] [TIFF OMITTED] T2316A.005
    
    The Chairman. Thank you.
    We, unfortunately, live by bells, and now this year we are 
living by buzzers, and the buzzer is going off. We have a vote 
on; we have three votes. And rather than hearing all the 
testimony and break it up, we will have to break it up sooner 
or later, so we might as well do it now. And we will be back 
hopefully in about 45 minutes.
    So we do apologize, but we have to run across and do our 
legislative business. And we will stand adjourned until about 
12 o'clock.
    Ms. Lofgren. Mr. Chairman.
    The Chairman. Yes?
    Ms. Lofgren. I have to chair a meeting at noon, so I will 
not be able to return. I am wondering if I could submit for the 
record the questions I have about the Law Library that were 
identified in the IG's report and ask for a written response to 
these questions from the Library.
    The Chairman. Yes, without objection.
    Ms. Lofgren. Thank you.
    [The information follows:]

    [GRAPHIC] [TIFF OMITTED] T2316A.006
    
    The Chairman. Thank you.
    And we will stand adjourned until around 12 o'clock.
    [Recess.]
    The Chairman. I would like to resume the Committee on House 
Administration hearing. And I apologize again, but we do live 
by those bells and buzzers, and we got back as quickly as we 
can.
    We heard from Mr. Schornagel. Mr. Billington, do you have a 
statement? I recognize you.

                 STATEMENT OF JAMES BILLINGTON

    Mr. Billington. Thank you, Chairman Brady and members of 
the committee. I am very glad to be here with all of you to 
comment briefly on the occasion of the committee's first 
hearing on Library issues in the 111th Congress. I appreciate 
the opportunity specifically to talk about the role of 
information technology in supporting the Library's mission and 
its current future needs to serve Congress and the American 
public.
    I am joined by Laura Campbell, the Library's associate 
librarian for strategic initiatives and chief information 
officer, and Jo Ann Jenkins, our chief operating officer. She 
will shortly be providing you specific commentary on the 
Library's response to the recent outside review and report by 
the inspector general that is the subject of today's hearing.
    The Library has already produced impressive results in the 
course of addressing the frontier challenges of the information 
revolution. We have, in effect, superimposed new digital 
processes and services on top of our continuing traditional 
functions. We have undertaken an unprecedented range and volume 
of innovative services for Congress and the American people. 
Let me just mention a few of the Library's leading-edge efforts 
that we have launched in our various divisions, bearing in mind 
that all of this has been accomplished with 1,000 less FTEs 
than we had in our peak pre-digital year of 1992.
    American Memory is the heart of our national digital 
library. Primary documents of American history and culture are 
online, archived, and freely available, with more than 15.3 
million important primary-source documents available, with 
clear territorial explanation and proven value in classrooms, 
libraries, and homes throughout America.
    Public spaces of the Jefferson Building we have transformed 
into an interactive learning center, providing digital 
enhancement to the great original documents of the American 
experience. The National Digital Information Infrastructure and 
Preservation Program was developed under the Library's 
leadership, under instructions from the Congress. It is a 
national network of partners to save at-risk content that 
exists only in highly impermanent digital form, material that 
if we do not save will be likely lost forever. This program has 
so far preserved 300 terabytes of stored digital information, 
which is the equivalent of 300 million volumes in analog form.
    Last week, we launched a path-breaking World Digital 
Library with material from all 192 countries of UNESCO that 
attracted 20 million page views in its first 4 days. The 
National Digital Newspaper Program, which is a joint project of 
the Library and the National Endowment for Humanities, will 
soon put online its 1 millionth newspaper page.
    The Copyright Office has developed an online system for 
copyright registration, and more than half of registrations are 
already being submitted electronically. The National Library of 
Service for the Blind and Physically Handicapped is in full-
scheduled transition to new digital machines and flashcards to 
serve 800,000 Americans.
    Since the mid-1990s, we have provided Congress with unique 
legislative information through our Congressional Research 
Service's Legislative Information System and serve the public 
with THOMAS, an online source of legislative documents and 
information on the work of Congress.
    I will be presenting testimony just a little bit later 
today to the House Appropriations Committee on the Legislative 
Branch concerning our fiscal 2010 budget request that focuses 
on moving to an enterprise architecture for the Library's 
technical infrastructure based upon the unique knowledge and 
experience of the last decade in what is a one-of-a-kind 
institution.
    So let me now introduce Laura Campbell, who has been at the 
Library since 1992, coming as a managing consultant from Arthur 
Young & Company, a CPA firm. She brought with her significant 
experience and expertise in strategic planning and systems 
integration. She has been a leader in our digitization projects 
and our chief information officer since 2002.
    Let me just say, in conclusion, that I will be happy to 
answer any and all questions and look forward to continuing our 
regular sessions with committee staff and to keeping you and 
the Members and the committee informed about our technological 
issues and progress.
    So I now turn it over to Laura Campbell.
    The Chairman. Thank you.
    Ms. Campbell.

                  STATEMENT OF LAURA CAMPBELL

    Ms. Campbell. Thank you. Chairman Brady, Ranking Member 
Lungren, and members of the committee, I would like to thank 
you for this opportunity to talk about the inspector general's 
April 22, 2009, report, ``Information Technology Strategic 
Planning.''
    While the vision that has driven our Library-wide strategic 
plan has helped us achieve worldwide recognition, the Library 
faces extraordinary challenges posed by technological change. 
The complex, dynamic environment within which the Library must 
acquire, preserve, and make information available to its 
customers requires managing many types of fast-changing digital 
formats across, not one, but multiple missions and their 
customers.
    During the last decade, by doing away with legacy 
equipment, we have transferred the cost savings and systems 
into an industry best practices organization for IT, as we have 
tried to keep current with the ever-changing computer 
technologies. We have not had an increase to our technology 
infrastructure since 2000.
    The most challenging aspect of this work has been to 
address how to handle the new digital object that formerly was 
a physical object, such as a book, sheet music, or even a map 
that you could touch. A digital object created on a Web site, 
maps created on the fly from databases, or documents from word 
processors require a whole new way of managing information, now 
in ones and zeros.
    Traditionally structured IT operations isolated from 
strategic management do not lend themselves to this new 
frontier. The role of the chief information officer, in too 
many organizations, just focuses internally. They are insular; 
they look inside, rather than externally. IT (information 
technology) is isolated from the strategic planning process and 
the management of the overall organization. In the Library's 
case, we have made a concerted effort to focus on the needs of 
the Library customers and on changing technologies as we 
deliver our mission.
    Dr. Billington just mentioned some of the Library's 
leading-edge initiatives. He just scratched the surface. All of 
these efforts have required state-of-the-art technology, have 
met mission goals of providing access to knowledge and 
information, and have helped us learn how to manage diverse and 
fast-changing technical formats for the many types of digital 
content.
    With regard to specific areas of the IG report, let me 
start with strategic planning process. We share the inspector 
general's recognition of the importance of information 
technology, and the need to ensure strategic planning for IT is 
a unifying force at the Library. This does include alignment of 
service unit plans with the libraries and ensuring technology 
initiatives and IT planning specifically are linked and 
understood throughout the Library. We, in OSI, the Office of 
Strategic Initiatives, have done some of the most forward-
thinking future-scenario planning for handling digital content 
in an IT environment then has been done anywhere, anywhere in 
the world.
    The Library is in the process of updating now its 2008 to 
2013 strategic plan to make sure that the Library priorities 
address the needs of its customers and that the synergies 
across programs are identified and coordinated. Strategic 
planning, for us, is an ongoing process.
    With regard to the IT investment process, the Library is 
currently managing IT investments in two ways. The Library 
Operations Committee, chaired by Jo Ann Jenkins, our chief 
operating officer, is made up of service unit deputies and 
infrastructure directors. That includes personnel, finance and 
facilities. They review and approve central IT investments.
    Examples over the past few years include investments that 
we have made by cost savings. Again, we haven't received an 
increase in our technology infrastructure budget. But through 
cost savings, we have invested through this Operating Committee 
in data and voice wireless systems, central management of the 
Library's workstations, the PCs on the desk, e-mail, and now 
enterprise architecture planning.
    The other service units and the other infrastructure units 
have smaller IT budgets, and their investments have been 
reviewed in the second way we make investments: through the 
budget request process, where, ultimately, decisions are made 
by the Librarian and the Executive Committee about what will go 
forward in the budget or what we will invest in.
    The Library will move to unify and formalize the process of 
investments, to ensure that all IT investments are under 
central oversight. But we do currently have two methods of 
investing.
    The chief financial officer will develop a plan to track 
all Library IT expenses across appropriations to identify any 
duplicative information technology costs. Centralization will 
continue to occur where appropriate. We note that some 
functions are more appropriately decentralized, to meet the 
immediate information management needs of the individual 
business units within the Library. Today, increasingly so--I 
know many of you may feel this yourself--IT skills become part 
of many people's jobs even though they weren't trained to be in 
the IT business.
    With regard to organizational structure, the Librarian 
reviewed the full report of the inspector general (IG) and has 
concluded--and we agree--that this limited report does not 
provide enough analysis by which fundamental decisions can be 
made about the Library's internal structure. A decision to 
conduct such a restructuring will require a broader and deeper 
analysis.
    With regard to enterprise architecture (EA)--that would be 
planning for the change in the way we handle our information 
environment across the institution--enterprise architecture, as 
noted in the report, the Library began the development of an 
enterprise architecture 2 years ago. It was suspended last year 
over funding availability but was restarted this past fall. We 
agree with the IG on the need for an enterprise architecture 
program, and we have contracted with what is one of the 
foremost authorities in this area to guide the Library in 
standing up such a program.
    This initiative is being overseen directly by the Library's 
Operations Committee and myself and involves all service and 
support units and business systems owners in the institution. 
The Library is committed to a useable and informed enterprise 
architecture. It is not our intention to reinvent the wheel, 
and we recognize the benefit of learning from the experience of 
other Federal agencies that are developing or have developed 
such architectures. Our EA team has visited several like-sized 
agencies, including the Government Printing Office (GPO) and 
this Friday they are going to be going to the Government 
Accountability Office (GAO).
    Finally, there is customer service. The Library will 
continue to move forward in a number of areas to improve 
information technology customer services. We agree that project 
management, systems development lifecycle, and help desk 
processes need constant updating. In fact, our systems 
development lifecycle has been significantly revised twice 
since issuance of this methodology in 2003. The security policy 
has also been revised twice, and security directives are under 
constant revision.
    The Library will re-evaluate our help desk contract once 
our chief financial officer has completed a review of help desk 
costs and any appropriate centralization areas that might be 
identified.
    And, very importantly, I think most importantly, we will 
expand on communications and feedback with our customers, 
including customer surveys, talking to our users, and we have 
started open quarterly information meetings across the Library.
    In closing, like every dynamic organization, the Library of 
Congress continues to look at how we can improve our business 
processes as we accomplish our mission-critical work. We are 
transitioning from isolated, content-specific applications to 
an information systems architecture that will allow us to be 
resilient, flexible, and scalable, so we can easily adapt to 
future technological advances as they come along and as we take 
in new and changing, complex content.
    I am confident that we can develop the framework that is 
needed to support our current and future information technology 
needs. Our work will be informed by this report, and I thank 
you very much for listening.
    [The statement of Ms. Campbell follows:]

    [GRAPHIC] [TIFF OMITTED] T2316A.007
    
    [GRAPHIC] [TIFF OMITTED] T2316A.008
    
    [GRAPHIC] [TIFF OMITTED] T2316A.009
    
    [GRAPHIC] [TIFF OMITTED] T2316A.010
    
    [GRAPHIC] [TIFF OMITTED] T2316A.011
    
    The Chairman. Thank you.
    Ms. Jenkins, anything?
    Ms. Jenkins. No.
    The Chairman. Okay. Now I would open up for questions.
    I have a few questions, Mr. Schornagel. If these 
recommendations would be implemented by the Library, how much 
time and how much money would you be saving?
    Mr. Schornagel. That is really hard to say. We point out in 
the report that the vast majority of these recommendations can 
be implemented at no cost. It is hard to say at this point how 
much savings would be possible, but we think that a very 
substantial amount over time.
    The Chairman. I guess the real question is, would it cost 
more money?
    Mr. Schornagel. No, I don't believe so. In fact, I think 
any additional cost would be more than offset by the savings.
    The Chairman. Okay.
    Ms. Campbell, you are the CIO. Does everybody with all the 
departments, do they all report to you, the IT planning? Are 
you the central person people report to?
    Ms. Campbell. Yes, I have the information technology 
operation under me and a staff that is working on our digital 
strategic initiatives.
    The Chairman. But you are accountable for all of them and 
they all report to you?
    Ms. Campbell. Yes.
    The Chairman. If any reorganization would take place, would 
it be with outside contractors? It wouldn't hurt any employees 
that would be there now? There wouldn't be any outsourcing or--
if there would be outsourcing, it wouldn't be taking jobs away 
from anybody that is there now?
    Ms. Campbell. If we were to reorganize?
    The Chairman. Yes.
    Ms. Campbell. Probably not
    The Chairman. That is a tough word, that ``probably.''
    Ms. Campbell. I mean, without knowing how you would 
reorganize, it is hard for me to----
    The Chairman. As soon as people start losing their jobs, 
then you have to come back in front of us and we have to figure 
out how or what we can do about that. We don't want to see any 
of that happen.
    Ms. Campbell. I understand.
    Ms. Jenkins. I don't think that is the expectation--the 
recommendations from the IG is about restructuring existing 
organizations. As we move forward, we have asked Congress, for 
increasingly more contracting dollars, but the intent is not to 
do away with any of the employees that we currently have in 
these functions. So, no, we would not.
    The Chairman. If that happens, I am telling your brother-
in-law, who is from Philadelphia, by the way, who we know.
    Thank you.
    Any other questions? Mr. Lungren?
    Mr. Lungren. Thank you very much, Mr. Chairman.
    And I think we ought to recognize the tremendous work that 
has been done by the Librarian as we move more and more into 
this technological age and the requirements that places on the 
institution that we call the Library of Congress.
    Mr. Inspector General, I just wondered, you sat here 
through the testimony of the others, anything that you didn't 
hear that we need to hear?
    Mr. Schornagel. I don't think so. I think you can tell from 
the report that the Library was pretty responsive to our 
recommendations. I believe we made 28 recommendations and the 
Library agreed with three-quarters of those.
    Mr. Lungren. Well, you can agree with them, and you can act 
on them.
    Mr. Schornagel. Yes, exactly. And that is why----
    Mr. Lungren. Is there anything here that bothers you about 
action or inaction?
    Mr. Schornagel. I am always skeptical because, like you 
say, we make recommendations and a lot of people may agree with 
them then maybe they never intend to do anything about it. I 
think my office has a very strong record of following up on our 
recommendations, especially the most important recommendations. 
And I fully intend to do that within the next year, or perhaps 
even sooner on some of these.
    Mr. Lungren. Okay. One area that is a real concern to me--
and I address this to both you and Ms. Campbell--and that is 
the area of cybersecurity throughout government but also in the 
private sector.
    It is no secret that we are playing catch-up in 
cybersecurity throughout the government and also in the private 
sector. Those that would do us damage or those who are just 
intent on mischief in some ways have gotten the upper hand, 
because, frankly, we have created systems without anticipation 
that people would just, for the heck of it, want to interfere 
with those systems, destroy those systems, alter those systems.
    You made some recommendations with respect to security.
    Mr. Schornagel. Correct.
    Mr. Lungren. Where are we in terms of security in our IT?
    Mr. Schornagel. I think we have come an awful long way. 
During our financial audits over the past 10 years, we have 
noted a lot of weaknesses in policy and applications in IT 
security. But since Jim Gallagher, the head of ITS, was brought 
in by Laura Campbell several years ago, I think we have made 
tremendous strides.
    And my office actually did a review, conducting penetration 
testing of our networks about 5 years ago. And I think a lot of 
the holes and a lot of the patches that needed to be made then 
were made. But perhaps that is an area that we can follow up 
on.
    But overall, I think the Library's IT security program is 
tremendously better than it was a few years ago and, by 
benchmarking against other Federal agencies, in pretty good 
shape.
    Mr. Lungren. Okay.
    Ms. Campbell, we know from public disclosure the number of 
attacks that take place at the Pentagon. Here, in this place, 
it has been noted that in this place there are attacks on the 
IT system here.
    Are you satisfied that the systems you have in place are 
detecting those attacks that may be directed at the Library of 
Congress in its various functions? Secondly, if you are 
satisfied now, how do you ensure that we continue that level of 
satisfaction in the future?
    Ms. Campbell. I am satisfied that we now have the right 
detection and firewalls and security up around access to the 
Library's data. In the future, I think that requires constant 
monitoring and outside tests that you would routinely do 
instead of monitoring--it is the checks and balances.
    Mr. Lungren. How often do you do those tests?
    Ms. Campbell. We had the National Security Agency come in 
and set up--their white team, I believe it is--come in and help 
us set up our program. And we go through an annual audit, as 
Karl has mentioned, on our security program.
    Mr. Lungren. Okay, let me switch to another subject. And 
that is, in a hearing, I don't know if it was a year or 2 years 
ago, that we had talking about an article that had appeared in 
the newspaper about lost parts of your overall inventory, and 
then we realized that it wasn't all lost, some of them hadn't 
been cataloged or they were in the process of being cataloged, 
and the statement was made--and I will just paraphrase it--that 
you were moving to a different cataloging system because you 
were digitizing the cataloging system.
    Can you tell us where we are on that? How much of the 
inventory has been converted to that format?
    Ms. Campbell. I can't answer that. I am not the right 
person to answer that. But I can get an answer for you, or 
perhaps Dr. Billington can comment.
    How much of the inventory has been cataloged?
    Mr. Billington. I can't give you an exact figure, but we 
have made progress, and we are working on that. In fact, that 
is something which I am going to get into in the next hearing I 
have shortly. But we will get you the exact figures.
    Mr. Lungren. Okay. And let me ask this, because one of the 
things I have found as we have looked at--I happen to be the 
ranking member on the Cybersecurity Subcommittee in Homeland 
Security. And one of the concerns that we have had--or one of 
the ways in which we see the level of importance given towards 
cybersecurity is whether or not there is an individual chief 
information officer for whom that is the only job that they 
have and that they report directly to the CEO. At least that is 
one indication that they take it seriously.
    Ms. Campbell, I am still a little uncertain what strategic 
initiatives means as opposed to chief information officer, 
whether that is entirely divorced from that, whether that 
divides you up, and, frankly, if it does, whether that means 
you can give enough attention to the responsibilities of the 
CIO.
    Ms. Campbell. Let me try to respond to that. We have an IT 
security group that consists of seven staff and seven 
contractors. They have a budget of $1.34 million per year. The 
IT operation has been a traditional IT shop. We have moved, 
over the years, from traditional business systems of finance 
and personnel and MIS systems and facility systems and the 
cataloging system to now embrace managing full digital content 
and all these various complex digital types of data.
    The Strategic Initiatives Program was put together to 
tackle one of our biggest strategic challenges, and that is 
building a network environment within which we have many 
partners to help us collect important born-digital content 
that, if we don't get it now, it is going to be lost for future 
generations.
    So the historical decision to put strategic initiatives 
with the previously isolated IT department was to ``row in the 
same direction,'' so that you had an ``engine'' that was out 
there doing state-of-the-art work, pulling the regular 
``steady-state'' train.
    Mr. Lungren. I appreciate that. And that is an unbelievable 
opportunity to get three analogies into one sentence. You have 
a train, we are rolling together, and I forget the third one, 
but it conjures up all sorts of ideas in my mind. But that is 
what the digital age is all about.
    Ms. Campbell. Exactly. We are just trying to stay abreast 
as best we can and make certain everybody in the IT operation 
has a part in that future.
    Mr. Lungren. Thank you, Mr. Chairman.
    The Chairman. Thank you.
    Mr. Harper.
    Mr. Harper. Mr. Schornagel, it looked like you were maybe 
reaching for the button. Did you have a response to that, too?
    Mr. Schornagel. Yes, I would just like to point out that, 
in our report, we did mention that the IT security program at 
the Library is very well-structured and managed, but we feel 
that the function needs some teeth. One of the problems is that 
the IT security head is not able to enforce policy, and, in 
some cases, that creates a problem and sets a precedent.
    Mr. Harper. Okay.
    Ms. Campbell, when I look at the organizational chart, 
which are always fun to look at in any agency, but when I see 
the information technology services down here under your side 
of that, are you saying that this is the best approach for IT 
within the Library of Congress? Or is it something that we 
should consider moving up, like Mr. Lungren had indicated, to 
possibly have that report directly to the CEO?
    Ms. Campbell. I have a strong bias, so I don't know that I 
can give you the most objective response to this. I think that 
is a decision that Dr. Billington will take under advisement. 
But I do believe strongly that you can't isolate IT.
    I, as the CIO, do have responsibility for our digital 
strategic transformation, along with my colleagues because we 
are all in this business together. Someone needs to lead the IT 
shop. If it isn't me, somebody else needs to do it. And I 
report directly to Dr. Billington and sit on our executive 
committee. So I try to represent the IT.
    Jim Gallagher, sitting behind me, sits with Jo Ann Jenkins 
on the Operations Committee.
    Mr. Harper. If I could see, Mr. Schornagel, your view on 
that question that I asked Ms. Campbell about that 
organizational chart and what your preference would be. And are 
you familiar with any other agencies that combine an IT 
function with a programmatic function?
    Mr. Schornagel. No, I am not. As a matter of fact, that was 
one of the important points in our report, is that we think 
that the IT function needs to report directly to the agency 
head. And I think Laura Campbell has her hands more than full 
with the programmatic side.
    Mr. Harper. And when you said that three-fourths of the 28, 
I believe, proposals you had they agreed with, would this have 
been one of the one-fourth that was not agreed with? Or was 
this even one of your recommendations?
    Mr. Schornagel. Well, that was one that the Library 
deferred making a decision on until--I think the Librarian has 
established a separate committee, during the course of our 
conducting this audit, to look at strategic planning. And so, 
they are deferring the decision based on that.
    But we have pretty strong feelings that this is very much 
an anomaly in not only public but in private organizations, as 
well, having these two functions combined.
    Mr. Harper. And I am certainly sensitive to the fact that 
you all have to run very soon to get to another meeting. If I 
could ask Ms. Campbell another question on security issues, 
following up on that.
    If there is some type of security violation, is that going 
to be reported to you or Mr. Gallagher? Or how does that work, 
when you have some type of perceived security violation in the 
IT system?
    Ms. Campbell. It is reported to the IT director and to the 
deputy and to me.
    Mr. Harper. Okay. And then what action is taken from that 
point? Just whatever may require----
    Ms. Campbell. Right. It depends on the type of violation it 
is.
    And we do, in fact, have the authority to shut down 
people's PCs at the Library. I think there was some confusion 
about that. We have exercised that authority
    Mr. Harper. Well, then I will just say what a treasure the 
Library of Congress is, and I appreciate you all's efforts.
    And no more questions, Mr. Brady.
    The Chairman. Thank you, Mr. Harper.
    And thank all of you. I had my little mini tour Mr. 
Billington gave to me, but I want to get a major tour next time 
I come over. And you do do a great service for this institution 
and for the general public. And so, for that, I thank you. And 
we are here to aid in any way that we can to make sure that 
that service continues.
    So, thank all of you.
    Mr. Billington. Thank you very much.
    The Chairman. The hearing is now adjourned.
    [Whereupon, at 12:46 p.m., the committee was adjourned.]
    [Information follows:]

    [GRAPHIC] [TIFF OMITTED] T2316A.012
    
    [GRAPHIC] [TIFF OMITTED] T2316A.013
    
    [GRAPHIC] [TIFF OMITTED] T2316A.014
    
    [GRAPHIC] [TIFF OMITTED] T2316A.015
    
    [GRAPHIC] [TIFF OMITTED] T2316A.016
    
    [GRAPHIC] [TIFF OMITTED] T2316A.017
    
    [GRAPHIC] [TIFF OMITTED] T2316A.018
    
    [GRAPHIC] [TIFF OMITTED] T2316A.019
    
    [GRAPHIC] [TIFF OMITTED] T2316A.020
    
    [GRAPHIC] [TIFF OMITTED] T2316A.021
    
    [GRAPHIC] [TIFF OMITTED] T2316A.022
    
    [GRAPHIC] [TIFF OMITTED] T2316A.023
    
    [GRAPHIC] [TIFF OMITTED] T2316A.024
    
    [GRAPHIC] [TIFF OMITTED] T2316A.025
    
    [GRAPHIC] [TIFF OMITTED] T2316A.026
    
    [GRAPHIC] [TIFF OMITTED] T2316A.027
    
    [GRAPHIC] [TIFF OMITTED] T2316A.028
    
    [GRAPHIC] [TIFF OMITTED] T2316A.029
    
    [GRAPHIC] [TIFF OMITTED] T2316A.030
    
    [GRAPHIC] [TIFF OMITTED] T2316A.031
    
    [GRAPHIC] [TIFF OMITTED] T2316A.032
    
    [GRAPHIC] [TIFF OMITTED] T2316A.033
    
    [GRAPHIC] [TIFF OMITTED] T2316A.034
    
    [GRAPHIC] [TIFF OMITTED] T2316A.035
    
    [GRAPHIC] [TIFF OMITTED] T2316A.036
    
    [GRAPHIC] [TIFF OMITTED] T2316A.037
    
    [GRAPHIC] [TIFF OMITTED] T2316A.038
    
    [GRAPHIC] [TIFF OMITTED] T2316A.039
    
    [GRAPHIC] [TIFF OMITTED] T2316A.040
    
    [GRAPHIC] [TIFF OMITTED] T2316A.041
    
    [GRAPHIC] [TIFF OMITTED] T2316A.042
    
    [GRAPHIC] [TIFF OMITTED] T2316A.043
    
    [GRAPHIC] [TIFF OMITTED] T2316A.044
    
    [GRAPHIC] [TIFF OMITTED] T2316A.045
    
    [GRAPHIC] [TIFF OMITTED] T2316A.046
    
    [GRAPHIC] [TIFF OMITTED] T2316A.047
    
    [GRAPHIC] [TIFF OMITTED] T2316A.048
    
    [GRAPHIC] [TIFF OMITTED] T2316A.049
    
    [GRAPHIC] [TIFF OMITTED] T2316A.050
    
    [GRAPHIC] [TIFF OMITTED] T2316A.051
    
    [GRAPHIC] [TIFF OMITTED] T2316A.052
    
    [GRAPHIC] [TIFF OMITTED] T2316A.053
    
    [GRAPHIC] [TIFF OMITTED] T2316A.054
    
    [GRAPHIC] [TIFF OMITTED] T2316A.055
    
    [GRAPHIC] [TIFF OMITTED] T2316A.056
    
    [GRAPHIC] [TIFF OMITTED] T2316A.057
    
    [GRAPHIC] [TIFF OMITTED] T2316A.058
    
    [GRAPHIC] [TIFF OMITTED] T2316A.059
    
    [GRAPHIC] [TIFF OMITTED] T2316A.060
    
    [GRAPHIC] [TIFF OMITTED] T2316A.061
    
    [GRAPHIC] [TIFF OMITTED] T2316A.062
    
    [GRAPHIC] [TIFF OMITTED] T2316A.063
    
    [GRAPHIC] [TIFF OMITTED] T2316A.064
    
    [GRAPHIC] [TIFF OMITTED] T2316A.065
    
    [GRAPHIC] [TIFF OMITTED] T2316A.066
    
    [GRAPHIC] [TIFF OMITTED] T2316A.067
    
    [GRAPHIC] [TIFF OMITTED] T2316A.068
    
    [GRAPHIC] [TIFF OMITTED] T2316A.069
    
    [GRAPHIC] [TIFF OMITTED] T2316A.070
    
