[Senate Hearing 112-259]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 112-259
 
                   EXAMINING THE PRESIDENT'S PLAN FOR
        ELIMINATING WASTEFUL SPENDING IN INFORMATION TECHNOLOGY

=======================================================================


                                HEARING

                               before the

                FEDERAL FINANCIAL MANAGEMENT, GOVERNMENT
                   INFORMATION, FEDERAL SERVICES, AND
                  INTERNATIONAL SECURITY SUBCOMMITTEE

                                 of the

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE


                      ONE HUNDRED TWELFTH CONGRESS

                             FIRST SESSION

                               __________

                             APRIL 12, 2011

                               __________

         Available via the World Wide Web: http://www.fdsys.gov

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs




                  U.S. GOVERNMENT PRINTING OFFICE
67-128                    WASHINGTON : 2012
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202ï¿½09512ï¿½091800, or 866ï¿½09512ï¿½091800 (toll-free). E-mail, [email protected].  

        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

               JOSEPH I. LIEBERMAN, Connecticut, Chairman
CARL LEVIN, Michigan                 SUSAN M. COLLINS, Maine
DANIEL K. AKAKA, Hawaii              TOM COBURN, Oklahoma
THOMAS R. CARPER, Delaware           SCOTT P. BROWN, Massachusetts
MARK L. PRYOR, Arkansas              JOHN McCAIN, Arizona
MARY L. LANDRIEU, Louisiana          RON JOHNSON, Wisconsin
CLAIRE McCASKILL, Missouri           JOHN ENSIGN, Nevada
JON TESTER, Montana                  ROB PORTMAN, Ohio
MARK BEGICH, Alaska                  RAND PAUL, Kentucky

                  Michael L. Alexander, Staff Director
               Nicholas A. Rossi, Minority Staff Director
                  Trina Driessnack Tyrer, Chief Clerk
            Joyce Ward, Publications Clerk and GPO Detailee
                                 ------                                

 SUBCOMMITTEE ON FEDERAL FINANCIAL MANAGEMENT, GOVERNMENT INFORMATION, 
              FEDERAL SERVICES, AND INTERNATIONAL SECURITY

                  THOMAS R. CARPER, Delaware, Chairman
CARL LEVIN, Michigan                 SCOTT P. BROWN, Massachusetts
DANIEL K. AKAKA, Hawaii              TOM COBURN, Oklahoma
MARK L. PRYOR, Arkansas              JOHN McCAIN, Arizona
CLAIRE McCASKILL, Missouri           RON JOHNSON, Wisconsin
MARK BEGICH, Alaska                  ROB PORTMAN, Ohio

                    John Kilvington, Staff Director
                William Wright, Minority Staff Director
                   Deirdre G. Armstrong, Chief Clerk


                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Carper...............................................     1
Prepared statements:
    Senator Carper...............................................    41
    Senator Brown................................................    44

                               WITNESSES
                        TUESDAY, APRIL 12, 2011

Hon. Vivek Kundra, Federal Chief Information Officer, 
  Administrator for Electronic Government and Information 
  Technology, Office of Management and Budget....................     4
David McClure, Associate Administrator, Office of Citizens 
  Services and Innovative Technologies, U.S. General Services 
  Administration.................................................     6
David A. Powner, Director of Information Technology Management 
  Issues, U.S. Government Accountability Office..................     8
Stephen W.T. O'Keeffe, Founder, MeriTalk.........................    24
Rishi Sood, Vice President, Government Vertical Industries, 
  Gartner, Inc...................................................    26
Alfred Grasso, President and Chief Executive Officer, The MITRE 
  Corporation....................................................    29

                     Alphabetical List of Witnesses

Grasso, Alfred:
    Testimony....................................................    29
    Prepared statement...........................................    98
Kundra, Hon. Vivek:
    Testimony....................................................     4
    Prepared statement...........................................    47
McClure, David:
    Testimony....................................................     6
    Prepared statement...........................................    53
O'Keeffe, Stephen W.T.:
    Testimony....................................................    24
    Prepared statement...........................................    80
Powner, David A.:
    Testimony....................................................     8
    Prepared statement...........................................    62
Sood, Rishi:
    Testimony....................................................    26
    Prepared statement...........................................    93

                                APPENDIX

Questions and responses for the Record from:
    Mr. Kundra...................................................   107
    Mr. Powner...................................................   111


                     EXAMINING THE PRESIDENT'S PLAN
                   FOR ELIMINATING WASTEFUL SPENDING
                       IN INFORMATION TECHNOLOGY

                              ----------                              


                        TUESDAY, APRIL 12, 2011

                                 U.S. Senate,      
        Subcommittee on Federal Financial Management,      
              Government Information, Federal Services,    
                              and International Security,  
                      of the Committee on Homeland Security
                                        and Governmental Affairs,  
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 10:35 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Thomas R. 
Carper, Chairman of the Subcommittee, presiding.
    Present: Senators Carper and Brown.

              OPENING STATEMENT OF SENATOR CARPER

    Senator Carper. The hearing will come to order. Welcome one 
and all, especially to our witnesses today. Thank you for your 
preparation. Thank you for your presence. We look forward to 
your testimony and the opportunity to have a good conversation.
    We will be joined by some of our colleagues as we get into 
today's hearing, but sort of as a precursor to today's hearing, 
I was driving in to the train station this morning and flipping 
back and forth between radio stations, and I happened to come 
across a song where the Rolling Stones were singing, ``Hey, 
You, Get Off Of My Cloud.'' [Laughter.]
    How appropriate. We usually do not have theme songs for our 
hearings, but if we did, that actually might work. We actually 
want to get people on the cloud, as I understand it, and 
hopefully when we leave here today I will understand better 
what all that is about.
    But our hearing today will examine the President's plan to 
fundamentally transform the management of our Federal 
information technology (IT) assets. The message of the plan is 
clear: We need to cut what we cannot afford and nurture an 
environment in which innovative and more cost effective 
technologies can be employed throughout our government.
    As I have said time and again in this room and other 
places, we need to look in every nook and cranny of our Federal 
Government--domestic, defense, entitlements, tax expenditures--
and ask this question: Is it possible to get better results for 
less money? Or is it possible to get better results for the 
same amount of money?
    The hard truth is that many programs' funding levels will 
need to be reduced. Even some of the most popular and necessary 
programs out there will likely be asked to do more with less or 
more for the same amount of many.
    Many Americans believe that those of us here in Washington 
are not capable of doing the hard work we were hired to do, and 
that is, to effectively manage the tax dollars they entrust us 
with. They look at the spending decisions that we have made in 
recent years and question whether the culture here is broken. 
They question whether we are capable of making the kind of 
tough decisions that they and their families make with their 
own budgets. And I do not blame them for being skeptical.
    I am afraid that their skepticism has proved well founded 
when you look at the kind of avoidable management failures that 
we have incurred in Federal information technology over the 
past decade or so. The past mismanagement of our Nation's $80 
billion annual Federal information technology is not only 
intolerable, it is unsustainable.
    Late last year, then the Office of Management and Budget 
(OMB) Director Peter Orszag said that fixing the broken 
management of our Federal Government's information technology 
was--and this is a quote--``the single most important step we 
can take in creating a more efficient and productive 
government.''
    I am going to say that again, ``the single most important 
step we can take in creating a more efficient and productive 
government.''
    Based on the information that OMB has released as a part of 
its review, I believe he may be correct. The failures of 
information technology management in the Federal Government 
have in some cases been spectacular. For example, the 
Government Accountability Office (GAO) found in January of this 
year that those running the National Archives electronic 
records investment had not been able to identify potential 
costs and schedule problems early and, as a result, failed to 
take any action to address them.
    GAO estimates that because of these failures in one 
troubled project--one troubled project--taxpayers will lose 
somewhere between $205 million and $405 million. That is real 
money where I come from.
    Today we will look at the President's 25-point plan to turn 
this ship around. The goals are ambitious, and so are the 
timelines. That is a good thing.
    Under the direction of our first Federal Chief Information 
Officer (CIO), Vivek Kundra, the plan is to be fully 
implemented within 18 months of its introduction. That is May 
2012, if you are keeping score at home. But the various goals 
are broken down into 6-, 12-, and 18-month increments. Today I 
am particularly interested in hearing how we are progressing 
toward those 6-month goals.
    The President's plan centers around three main initiatives:
    First, the plan fosters a cultural shift aimed at making 
the management and implementation of large Federal IT projects 
more effective and more efficient;
    Second, the plan pushes the Federal Government to adopt 
cheaper, better, and faster technologies;
    And, third, the plan demands that we shed or consolidate 
the duplicative and wasteful Federal data centers in our 
inventory.
    The plan is a positive first step in tackling the 
institutional and systemic problems that have plagued Federal 
information technology management for years. It may not be 
perfect, but the President and Mr. Kundra should be commended 
for taking on this challenge, and I commend you today.
    We look forward to hearing from our witnesses today, about 
how we are progressing toward these goals, how agencies are 
responding, and what those of us here in Congress can do to 
help make this a successful venture.
    Today I am also happy to say that my colleagues, as they 
come along, will be asking their questions, and if they really 
want to give a statement, we will let them, but my guess is 
they will probably just want to get right into the flow with 
questions and answers.
    But my colleagues Scott Brown, Senator Joe Lieberman, and 
Senator Collins have joined me in introducing legislation 
called ``The Information Technology Investment Management Act 
of 2011.'' This legislation calls for greater transparency when 
it comes to the cost and performance of our Nation's 
information technology investments so that American taxpayers 
can see how their money is being spent.
    It also demands that agencies and the Office of Management 
and Budget be held accountable for a project's failure and work 
either to fix them or end them. The time for lazy or wasteful 
management of these expensive investments is over. We are going 
to demand that projects be on time, on budget, and deliver on 
their promises. If they do not, we are going to bring them to a 
halt. We are going to end the pattern of throwing good money 
after bad.
    I hope that our witnesses will include in their testimony 
today some brief thoughts and comments about our legislation. 
We always welcome constructive criticism.
    And with that said, I want to introduce just very briefly 
the first panel of witnesses. A couple of you have been before 
us more times than you want to remember. If we had to pay David 
Powner for every time he has been before us, the budget deficit 
would be a lot bigger, so we appreciate especially your being 
here.
    Our first witness today is Vivek Kundra, who serves as our 
Nation's first Federal Chief Information Officer. Mr. Kundra is 
responsible for directing the policy and strategic planning of 
Federal information technology investments as well as for 
oversight of Federal technology spending. Previously, Mr. 
Kundra worked as Chief Technology Officer for the District of 
Columbia and as Assistant Secretary of Commerce in Virginia 
under Governor Tim Kaine.
    Our next witness is David McClure--Mr. McClure, good to see 
you--who is the Associate Administrator in the Office of 
Citizen Services and Innovative Technologies for the U.S. 
General Services Administration (GSA). Mr. McClure works to 
advance GSA's responsibilities in serving the American people 
through open and transparent government initiatives and by 
identifying new technologies to improve government operations 
and service delivery.
    Our final witness for this panel is Mr. David Powner, who 
is the Director of IT Management Issues in the U.S. Government 
Accountability Office. As Director, Mr. Powner is in charge of 
GAO's analysis of Federal IT investments, health IT, and 
cybersecurity initiatives. Again, we welcome you.
    I am going to recognize Mr. Kundra to proceed first, and 
you are welcome to summarize your testimony. All of it will be 
made part of the record, and then once the three of you have 
concluded, we will start with some questions. Again, welcome. 
Thank you so much. And thank you for your leadership.

STATEMENT OF VIVEK KUNDRA,\1\ FEDERAL CHIEF INFORMATION OFFICER 
  AND ADMINISTRATOR FOR ELECTRONIC GOVERNMENT AND INFORMATION 
          TECHNOLOGY, OFFICE OF MANAGEMENT AND BUDGET

    Mr. Kundra. Good morning, Chairman Carper and Members of 
the Subcommittee. Thank you for the opportunity to testify on 
our efforts to eliminate wasteful information technology.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Kundra appears in the appendix on 
page 47.
---------------------------------------------------------------------------
    Effective management of IT is essential in serving the 
American people, protecting our national security interests, 
and keeping America competitive in the global economy. That is 
why for the past 26 months we have focused on reforming Federal 
IT to crack down on wasteful spending and boost performance.
    Through relentless oversight, we have delivered $3 billion 
in life cycle cost reductions. We are eliminating duplicative 
infrastructure and have saved millions of dollars through game-
changing technologies and approaches such as cloud computing.
    On December 9, 2010, we published the ``25-Point 
Implementation Plan to Reform Federal IT Management,'' our 
blueprint to address the structural barriers that get in the 
way of consistent execution. We have segmented the reforms into 
6-month increments with concrete deliverables. I would like to 
highlight our progress over the past 124 days in each of the 
five key reform areas.
    First, we are applying light technologies and shared 
solutions to allow agencies to optimize spending and invest in 
their mission-critical needs rather than duplicative 
infrastructure.
    Since 1998, the Federal Government has seen the number of 
data centers grow from 432 to more than 2,000. To reverse this 
unsustainable growth, we are actively shutting down 800 data 
centers by 2015. Additionally, we have shifted to a Cloud First 
policy that allows agencies to pay only for the resources that 
they are actually using.
    Second, we are strengthening program management because no 
matter how effective our technologies and policies, the success 
of our most complicated, high-profile, and expensive programs 
rests on the shoulders of effective program managers. Yet too 
often these programs are managed by individuals randomly pulled 
across the government who lack the training to successfully 
deliver. That is why we have created the IT Program Manager 
Career Series to attract the best talent and to make sure that 
we are cultivating the top performers.
    We have also seen universities like George Mason University 
(GMU) and the National Defense University (NDU) stand up 
programs that focus on case studies so we do not repeat 
historical failures.
    Third, we are aligning the budget and acquisition process 
with the technology cycle to make sure that programs are not 
out of date the moment that they are launched. The budget 
process forces agencies to specify in great detail what they 
are going to be building out 24 months before they can even 
start a project. The acquisition process routinely adds another 
12 to 18 months. We have analyzed funding models across the 
Federal Government to identify the necessary changes to the 
legal framework for IT funding that enables successful modular 
development and to help contain the rise in infrastructure 
costs. We look forward to working with Congress to consolidate 
commodity IT funding under agency CIOs and to develop budget 
models that align with modular development.
    Fourth, we are strengthening governance and improving 
accountability because for too long we have witnessed runaway 
projects that waste billions of dollars that are years behind 
schedule. That is why we have scaled the same model that 
reduced project life cycle costs by $3 billion and turned it 
around poorly performing projects. Already 129 agency employees 
have been trained and 23 agencies have implemented the TechStat 
model to tap into the ingenuity of the American people and the 
collective talent of State and local governments. We have open-
sourced the very software code that the IT Dashboard was built 
upon and the TechStat model. Thirty-eight States, including 
Delaware and Massachusetts, and multiple countries have reached 
out to express interest in adopting these tools to improve 
transparency and accountability.
    And, fifth, we are increasing engagement with the industry 
to demystify the procurement process and dispel common 
misconceptions regarding the acquisition regulations. We debunk 
the top 10 myths in IT procurement, and we are building a pre-
Request for Proposal (RFP) platform to help overcome the ties 
that may occur between agencies and certain vendors. The 
platform will give agencies access to the most innovative 
solutions and provide a small business the same opportunities 
that an industry titan has.
    Over the past 124 days, we have focused on execution rather 
than just policy development. We must continue to buildupon the 
progress to date and scaled practices that we know work to make 
Federal IT perform at the level the American people expect. The 
Federal Government must be able to provision services more like 
a nimble startup and leverage smaller technologies that require 
lower capital outlays.
    I would like to thank the Members of this Subcommittee and 
their staff for putting IT management front and center and 
helping transform the landscape of Federal IT.
    Thank you for the opportunity to testify. I look forward to 
any questions you may have.
    Senator Carper. Great. Thank you for that testimony and for 
the work that it represents. Thanks so much. Mr. McClure, 
welcome.

STATEMENT OF DAVID MCCLURE,\1\ ASSOCIATE ADMINISTRATOR, OFFICE 
 OF CITIZEN SERVICES AND INNOVATIVE TECHNOLOGIES, U.S. GENERAL 
                    SERVICES ADMINISTRATION

    Mr. McClure. Good morning, Chairman Carper and Senator 
Brown. Let me introduce myself. I am Dave McClure from the GSA. 
I would like to talk about the GSA role in the IT reform agenda 
this morning.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. McClure appears in the appendix 
on page 53.
---------------------------------------------------------------------------
    I really want to summarize three main points that I make in 
my written statement.
    Point No. 1 is that the 25-point IT reform plan and the 
Federal Cloud Computing Strategy issued by Vivek are very 
constructive, and they are sorely needed steps forward in 
improving the way IT is acquired and managed. GSA's role in 
this agenda is very clear. We focus on shared, lightweight 
technologies, and simplifying the provisioning of IT services 
on demand so that we can accelerate agencies' access to modern 
technology, get solutions in the hands of users faster, and 
lower costs.
    Cloud computing is at the forefront of these innovative 
technologies today. As Vivek has noted, it offers compelling 
advantages when, like any other technology implementation, it 
is done well.
    Cloud computing is already here in the Federal Government, 
and it is an inevitable trend from a technology marketplace 
perspective. Many agencies have started implementing cloud 
solutions and found significant savings. We have documented 
many on our public web page, Info.Apps.gov.
    The return on investment has been lower IT operating costs, 
improved operational performance, better service delivery, and 
increased agility in provisioning changes to computing needs.
    Point No. 2, GSA plays a strong governmentwide leadership 
in supporting the adoption of cloud computing in the Federal 
Government. The Federal Cloud or Project Management Office 
(PMO), is housed in my office at GSA, and we have the lead in 
facilitating new innovative cloud computing procurement 
options, ensuring effective cloud security and standards are in 
place, and identifying potential multi-agency or governmentwide 
use of cloud computing solutions.
    Our cloud computing PMO is active, engaging, and 
productive. My written statement outlines six cloud-related 
activities. I just want to focus on three of them briefly.
    Let us start with the Federal Risk and Authorization 
Management Program (FedRAMP) is being established to provide a 
standard security approach for assessing and authorizing cloud 
computing services and products. Currently this process in the 
government is expensive, it is time-consuming, it is a heavy 
paper-driven process exercised inconsistently across the 
government. An average Assessing and Authorizing (A&A) costs up 
to $180,000 and requires up to 6 months to complete. FedRAMP 
will allow joint authorizations and increased use of continuous 
security monitoring services for government and commercial 
cloud computing systems.
    Because we can achieve a more consistent security baseline 
and a common interpretation, we can leverage the work of one 
agency for another, or as we say, approve once and use often. 
This should help reduce cost, it should enable rapid 
acquisitions, and it should reduce the overall effort of the 
government in this area.
    I might add that we have developed this with broad 
consensus in the government, involving that National Standards 
and Technology (NIST), the Department of Homeland Security 
(DHS), the Department of Defense (DOD), the National Security 
Agency (NSA), and various commercial industry consortia.
    Another important governmentwide initiative is 
infrastructure as a service. Each year the government spends 
tens of thousands and millions of dollars on IT products and 
services, heavy focus on maintaining the current computing 
infrastructure needs and demands. We have established a Blanket 
Purchase Agreement (BPA) with 12 companies, many with multiple 
partners who offer storage, computing power, and Web site 
hosting as commodities. The benefits include commodity type 
pricing for services, allowing customer to easily compare 
prices across vendors. It also offers standardized technical 
and security requirements that companies are required to meet 
across the entire government.
    The third area is cloud-based e-mail. We chose to tackle 
perhaps one of the most ubiquitous business technologies in use 
by all Federal agencies: e-mail. Using a governmentwide working 
group, we again took a collaborative approach to building a 
procurement vehicle. Once it is released and concluded, 
services will be offered to Federal customers via a Blanket 
Purchase Agreement. I think it will accommodate a range of 
robust, feature-rich e-mail services in public, private, and 
highly secured clouds.
    So my final point is this: GSA is also walking the talk. A 
lot of what we are doing internally within GSA is also very 
robust in the cloud space. We are putting in one of the first 
cloud-based e-mail systems in the government. We expect a 
savings of over $15 million in 5 years. We are reducing our own 
data centers from 15 to 3 by 2015. We estimate a $2 million 
annual reduction in data center costs as a result. And we host 
perhaps some of the most visible Web sites, public Web sites in 
government, including USA.gov, which is the Nation's portal or 
front door into the Federal Government, as well as Data.gov, 
which is one of the first public-facing government Web sites to 
be successfully deployed in a cloud environment.
    We also host a lot of open-source sharable code solutions 
that lower the cost and help implementations in areas like 
Challenge.gov, where challenges and contests are being run by 
Federal agencies.
    So I hope this offers you a brief flavor of what we are 
doing at GSA to improve the IT outcomes in the government. 
Again, thanks for having me here for testifying.
    Senator Carper. Mr. McClure, thank you for testifying.
    Mr. Powner, welcome. Thank you.

     STATEMENT OF DAVID POWNER,\1\ DIRECTOR OF INFORMATION 
 TECHNOLOGY MANAGEMENT ISSUES, U.S. GOVERNMENT ACCOUNTABILITY 
                             OFFICE

    Mr. Powner. Chairman Carper, Senator Brown, we appreciate 
the opportunity to testify this morning on IT acquisitions. 
Chairman Carper, I would like to thank you for your oversight 
of Federal IT acquisitions. Your many hearings highlighting the 
wasteful spending in this area has led to many improvements in 
Federal agencies and at the Office of Management and Budget.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Powner appears in the appendix on 
page 62.
---------------------------------------------------------------------------
    Senator Carper. Very nice of you to say that. Thanks very 
much for being a big part of that.
    Mr. Powner. OMB plays a key role in this oversight process. 
In fact, OMB has been required by the Clinger-Cohen Act of 1996 
to track, analyze, and report to the Congress on IT 
expenditures, which now total almost $80 billion.
    To help carry out this role, OMB established several 
oversight mechanisms, including lists of troubled projects, 
starting in 2003, that clearly were not as useful or accurate 
enough to perform the appropriate level of oversight. Under 
Vivek Kundra's leadership, OMB has improved its oversight of 
and management of IT acquisitions by: one, creating the IT 
Dashboard; two, using this information on the Dashboard to hold 
agencies and CIOs accountable; and, three, introducing 
comprehensive IT reform. I would like to highlight each of 
these efforts and what additional actions are needed.
    First, the Dashboard. In June 2009, OMB deployed a public 
Web site, known as the IT Dashboard, to improve the 
transparency and oversight of approximately 800 major Federal 
investments totaling about $40 billion. The Dashboard presents 
information on costs and schedule and a CIO assessment, among 
others. Today, the Dashboard shows that nearly 40 percent of 
the 800 investments are in need of management attention due to 
their red or yellow status. More simply put, this equates to 
over 300 investments totaling $20 billion that are at risk.
    I would like to repeat those numbers. We have 300 
investments totaling $20 billion that are at risk.
    In addition to identifying troubled IT projects, the 
Dashboard is an excellent tool to identify duplicative 
investments, which could result in significant savings. We have 
ongoing work for this Subcommittee looking at this duplicative 
spending.
    Despite the improved transparency, data reliability remains 
an issue, as our work has shown that Dashboard information is 
not always accurate and consistent with agency records. OMB and 
agencies acknowledge this and have a number of activities under 
way to improve the Dashboard and the accuracy of what is being 
reported.
    OMB has also improved the management of IT investments 
needing attention by holding TechStat meetings. These meetings 
started in January 2010 and are led by Mr. Kundra and agency 
leadership. Well over 50 of these meetings have been held, and 
the results are impressive. Four projects have been canceled 
and 11 restructured. OMB has claimed that this has resulted in 
a $3 billion reduction in costs. OMB has also identified 26 
additional high-priority projects that have undergone extensive 
review, which resulted in corrective action plans.
    One of the high-priority projects is the National Archives 
electronic records acquisition that you mentioned, Mr. 
Chairman. Our work for this Subcommittee has highlighted the 
mismanagement and major cost and schedule issues associated 
with this acquisition. It is one of the projects that OMB is in 
the process of restructuring. Although OMB has had significant 
results with its TechStat meetings and its high-priority 
projects, many more projects are in need of OMB and agency 
oversight.
    In addition to the Dashboard and TechStat sessions, OMB 
issued a comprehensive IT reform plan that includes replicating 
these TechStat sessions throughout the government to improve 
governance and to strengthen program management. Many of the 
reform initiatives are consistent with your many years of 
oversight in this arena and our body of work on IT acquisition. 
And to its credit, OMB has issued aggressive milestones that 
span the next 18 months. Now the challenge lies in 
implementation.
    In summary, OMB's efforts to improve the transparency of 
the IT Dashboard, to improve IT acquisition execution through 
its TechStat sessions, and its IT reform initiatives are 
encouraging. But the accuracy of the Dashboard information 
needs to greatly improve. Even more focus needs to be put on 
the $20 billion at risk, and the major IT reform initiatives 
now need to be implemented.
    I would like to conclude by commending your leadership, as 
well as Mr. Kundra's in this area, Mr. Chairman, and I am 
pleased to answer any questions you have.
    Senator Carper. Mr. Powner, thank you so much, and thanks 
again for being a big partner with us in these efforts.
    Senator Brown has another hearing that is going on, and he 
is going to be coming in and out. But I just want to recognize 
him for any comments that he wants to make, and he can go right 
into questions whenever he is ready.
    Senator Brown. Thank you, Mr. Chairman. I am going to stay 
as long as I can. I enjoy this very much, and I appreciate you 
pushing forward on this.
    I have a statement that I am just going to submit for the 
record.
    Senator Carper. Without objection.
    Senator Brown. Thank you.
    I might as well start. Mr. Kundra, according to your 
testimony, your high-priority IT project and financial system 
reviews have led to over $3 billion in life cycle cost 
reductions. How many investments were actually reviewed?
    Mr. Kundra. We actually overall looked at over 50 
investments.
    Senator Brown. Five-zero?
    Mr. Kundra. Fifty, yes. So these 50 investments, and one of 
the things we focused on was the most troubled investments out 
of the IT portfolio. And the reason we introduced the IT reform 
plan, the 25-point plan, was to actually now multiply the same 
processes across every single department and agency within the 
U.S. Government because the challenges at the end of the day, 
despite OMB's oversight capabilities, what we want to do is we 
want to prevent these investments from getting to the point 
where they are years behind schedule or hundreds of millions of 
dollars over budget. And that is what we are focused on.
    Senator Brown. By then isn't the technology obsolete in 
many instances?
    Mr. Kundra. Absolutely. The way that the acquisition 
processes actually work right now and the budgeting process, 
unfortunately we plan out years in advance and end up locking a 
specific technology. And by the time you actually implement 
some of these technologies, they are way out of date.
    Senator Brown. I know in New York City, for example, they 
hired a company, VMware, to come in and actually go and review 
all their IT specifications because there were so many 
individual fiefdoms and they were not connected. They were not 
efficient. They were wasting money. They have apparently saved 
a tremendous amount of money through, obviously, the cloud 
technology and that whole new way of doing things.
    Out of the 50 that you did--how many actually are there 
total in terms of the actual investments? You said you looked 
at--how many actually are there? What is the big picture?
    Mr. Kundra. So where we need attention, as Dave Powner 
pointed out, is about 300 or so investments, and what we are 
trying to do now is to scale the same exact model we used to 
turn around or terminate these poorly performing investments. 
So the process we used was coupling the IT Dashboard where we 
are shining light on what was going on with these investments 
with what we call our TechStat accountability sessions to 
really drill down on each of these investments to make sure 
that if, for example, you do not have a dedicated project 
manager, if you do not actually have a clearer understanding of 
what the business objectives or goals are, or you are in the 
process of implementing outdated technologies, these are huge 
investments that have a major effect on how agencies are 
actually being transformed.
    One of the problems we have seen throughout these sessions 
is that people are looking at these projects at IT projects. 
But at the end of the day, they are about transforming how an 
agency fundamentally operates.
    Senator Brown. So when you are looking at the--when you say 
$3 billion is or may be saved in part, this is being done by 
canceling some projects, I am presuming. But how much did we 
already lose with what was already spent on those investments?
    Mr. Kundra. Well, so that is a little more difficult number 
to come up with. To give you an example, with financial systems 
what we did is we looked at the entire life cycle cost of 
financial systems across the Federal Government, and that was 
about $20 billion in life cycle costs.
    The Department of Defense, for example, had a project 
called Defense Integrated Military Human Resources System 
(DIMHRS). It was their integrated human resource planning 
system. They spent 12 years and approximately $1 billion, and 
we ended up killing that project.
    Unfortunately, what we do not want to do is be in a 
position where we are just killing IT projects because at the 
end of the day there is still a business need. They are not 
just implementing projects because they felt it was a fun thing 
to do. There is actually a business problem.
    So the four that we killed, the real victory in my mind is 
actually the projects, the 11-plus projects that we looked at 
where we de-scoped them. And what I mean by de-scoping is we 
said instead of trying to boil the ocean, where people have 
bought into this fallacy that these enterprise resource 
planning systems are going to balance your books, they are 
going to track your assets, they are going to make you coffee, 
that you have to actually break these projects down into 6-
month increments. If within 6 months you cannot prove that you 
have delivered something of value to your customers, then you 
need to either halt that project or you need to fundamentally 
rethink it or terminate it. And what we are seeing with these 
large enterprise projects is that people are spending years, in 
some cases decades, implementing a project that is not working.
    Senator Brown. So did we actually save $3 billion, or did 
we just not lose more money to cost overruns on these actual 
projects?
    Mr. Kundra. Well, it is a combination of both because where 
we de-scoped the projects in the cases of financial management 
systems like the Environmental Protection Agency (EPA), we 
actually took that project down and cut it significantly lower. 
And also the way we were saving that money in terms of both 
cost avoidance and the original life cycle costs is that there 
are game-changing technologies, new technologies that have 
emerged since the project was originally conceived.
    Senator Brown. It always seems like we are a couple of 
steps behind. It seems like the government is an easy mark: 
Hey, we have this new technology, go buy it. And then we invest 
billions of dollars in some instances, or at least hundreds of 
millions, and then by the time it actually gets through the 
process, it gets implemented, it gets up and running, and it is 
obsolete. Then we have to get the updates and upgrades, and it 
just seems like we are an easy mark.
    I am wondering, in the next 50 investments, is there the 
potential for significant cost savings in the future? Or were 
these initial reviews just kind of picking off the low-hanging 
fruit?
    Mr. Kundra. I think there are significant opportunities for 
cost savings, in the billions, and here is why. So to your 
point, one of the big problems we see is this huge gap between 
the public sector and the private sector, and the reason this 
gap exists is because the culture in government historically 
has been that the government must build its own infrastructure, 
it must own the software development. And one of the reasons we 
are shifting to the Cloud First policy essentially is to move 
away from this philosophy of asset ownership to service 
provisioning.
    So in the same way that a small startup company would go 
out there, and if they are standing up a business, they are not 
going to go out there and build their own e-mail system or 
their own accounting system. They are going to go to a company 
like Quicken Books and fire up an accounting system or go to 
Microsoft or Google or any of these other providers and fire up 
an e-mail system.
    What we need to do is government needs to operate much more 
like a nimble startup than it does today, where we are engaging 
in these multi-year, multi-billion-dollar IT projects. That is 
what we are doing with GSA, putting in place these 
governmentwide procurements that actually will allow us to 
provision the services.
    Senator Brown. Just in closing, and then I will turn it 
back to the Chairman in Massachusetts we have amazing companies 
that deal with this stuff every day, and it is second nature. 
We have the technology leaders in the world. And we are in the 
government, and it is like we are sometimes in the Dark Ages. I 
am sure this is not the first time we have had a hearing on 
this stuff. It is my first experience on it. But I know you 
have been working on it for years.
    At what point do we actually start to realize these 
billions of savings, I mean, real dollars that can be used in 
other areas, especially now?
    So that was more of a statement than a question, but I 
would like to come back. Thanks, Mr. Chairman.
    Senator Carper. Thanks very much.
    Senator Brown and I hold a lot of hearings in here, and 
what we focus on is how do we get better results for less 
money. That is really what we do. That is our bumper sticker--
how to get better results for less money. And when you think 
about IT projects, sometimes we do not really focus on what we 
are trying to do is get better service, better results for less 
money.
    Give us a couple of examples, and I do not care who leads 
off, but give us a couple of examples where you actually can 
say these are some projects where we actually got a whole lot 
better results for less money, or a little better results for--
better service, maybe, for not a lot more money. Can you give 
us a couple good examples?
    Mr. McClure. Yes, I would be happy to start. In my case, we 
have been one of the first to move into the cloud computing 
environment, for example, and I mentioned USA.gov, which is the 
public portal for the Federal Government. By moving it into a 
cloud environment, we are able to save an estimated $1.7 
million a year in computing costs because we moved into a more 
agile computing environment. We were able to provision changes 
to that system in hours as opposed to months, which means I 
could change the Web site and its features very quickly. And, 
third, it allowed me to use people in a different way. Rather 
than monitoring and running the infrastructure that we owned, I 
actually could turn them over to doing more mission-based and I 
think more value-added types of services.
    So for us it was a cost savings, it was an agility to move 
faster, and I was able to free people up to do more value-added 
work. And I think that is a common occurrence across many of 
the implementations right now.
    Senator Carper. All right. Good. Some other examples, 
please.
    Mr. Kundra. On something as simple as e-mail services, the 
U.S. Department of Agriculture (USDA), with 120,000 employees, 
and the General Services Administration (GSA), with 17,000 
employees, moving e-mail over to the cloud, what they were able 
to save is over $40 million. Something as simple as a Web site, 
what the Recovery Board did is they saved $750,000 by just 
moving to the Amazon cloud.
    Health and Human Services (HHS), by looking at electronic 
health record grants, moving over to a sales force 
implementation, they cut their costs by 60 percent.
    So we are seeing huge savings, and it is not just in 
dollars. Part of what is happening is we keep building 
duplicative infrastructures, so the numbers you look at in 
terms of data centers, we went from 432 to more than 2,000, and 
part of the reason is because people have been so focused on 
building duplicative, redundant infrastructure rather than 
lifting up and saying how do we make sure that in the same way 
the American people, when they go and book a ticket, whether it 
is for a flight or a concert or making a reservation at a local 
restaurant, that experience is so much better than when they 
are dealing with the government. And the reason is because the 
government is so focused on the duplicative infrastructure, and 
we are trying to abstract all of that so we can get the 
government to focus actually on the customer experience rather 
than investing billions of dollars in this duplicative 
infrastructure.
    Senator Carper. I have not counted the number of times that 
``cloud'' has been used in our testimony or our responses to 
questions, but there are a lot of people who are following the 
hearing today have no idea what you are talking about. Why 
don't you just step back--actually somebody had it in their 
testimony, a little definition at the bottom of the page, what 
we are talking about, which I do not know if it would be all 
that helpful to too many people. Just make it real simple and 
easy for folks to understand.
    Mr. Kundra. Sure. So the most basic way to think about 
cloud computing is if you look at the progress that was made 
throughout this Nation, it used to be that every house had its 
own well and had its own electrical generation system. But as 
technology evolved, we ended up with an electrical grid, we 
ended up with a water distribution system. So now what happens 
is, when you are at home, whether you are plugging in a mixer 
or a TV, you consume the electricity that you are actually 
using rather than to have to pay for all that infrastructure.
    In the same way, cloud computing from a technology 
perspective, the simplest way to think of it is that the 
government is going to be able to pool its demand and actually 
dynamically allocate resources or use resources so that we are 
not paying for resources that we are actually not using.
    Senator Carper. A friend of mine tried to explain it to me 
not long ago, and he said, ``Do you have kids that are old 
enough to drive?'' I said, ``Yes, we have a boy 21 and one 
22.'' And he said, ``Are they away at college?'' I said, ``One 
is, and one is actually in another country.'' He said, ``Do 
they ever come home?'' I said, ``Well, they do.'' And he said, 
``How many vehicles do you have?'' I told him, and he said, 
``Do you need more vehicles when they come home?'' And I said, 
``Yes, we do.'' And he said, ``What do you do, go out and buy a 
new vehicle so that when they come 2 or 3 weeks out of the year 
their car is there for them to use?'' And I said, ``No. We 
actually rent a car.'' He said, ``Well, that is kind of like 
what this is.'' So that helps me understand it.
    I want to try to draw an analogy here and use this analogy 
as a way to get to sort of get why do we have this problem. It 
has been pervasive throughout the Federal Government. We spend 
so much money for these projects. Some of them work quite well, 
and too often they do not.
    We held a hearing here 2 weeks ago, and the focus of our 
hearing was major weapons systems cost overruns. And as it 
turns out, GAO told us 10 years ago, in the year 2000, that our 
major weapons systems cost overruns was $42 billion. And GAO 
testified 2 weeks ago that our major weapons systems cost 
overruns is $402 billion. It went from $42 billion in 2000 to 
$402 billion last year.
    And as we drilled down on why that was happening, we got a 
couple of answers. One of those is that sometimes the 
technologies that are being proposed to use on these weapons 
systems are what they call immature, meaning they have not 
really been fully developed.
    Second is the agency, the military branch, or service may 
not have fully figured out what they want, and they continue to 
do modifications to the projects. We call it ``project creep.''
    The third thing is we do not necessarily do the best job of 
making sure the acquisition folks with experience are bird-
dogging these projects and that they have the kind of clout 
that they need in order to blow the whistle when things are 
going wrong.
    We had an example from a fellow named John Young, who was 
the top person in the Bush Administration, the second term, for 
acquisition, and we had one of his deputies, his top deputy for 
acquisition. He is an Assistant Secretary for Defense. We said, 
``Talk to us. How long have you been in your position?'' He 
said, so many months. And we said, ``What kind of turnover did 
you get from your predecessor?'' And he said, ``Well, I did not 
get any turnover. My predecessor left 18 months before I did.'' 
We said, ``No kidding.''
    ``Tell us about your direct reports. How many direct 
reports do you have?'' And he said he was supposed to have six, 
and only two were filled.
    So here is like the top person really in the Department of 
Defense whose job it is to make sure we are getting our money's 
worth. There is an 18-month lapse between when he comes in and 
the guy before him left, and only two out of six direct reports 
were there. So it turns out the guy who is in that position 
today in this Administration, his nomination was held up for 15 
months--15 months before he was actually allowed to go to work. 
So those are the kinds of problems that have led to $402 
billion cost overruns.
    When you drill down on it, how have we gotten into the 
situation that we are in where we have $80 billion worth of 
projects and maybe a quarter or so are at risk? I do not know, 
maybe, David, this is good one for you, Mr. Powner.
    Mr. Powner. Yes, well, a couple things. One is--and I think 
a lot of this is tied to Mr. Kundra's IT reform plan. You could 
start with program management. There clearly needs to be 
strengthened program management across the government where, to 
your point, we define what we want well up front; we have a way 
to manage risks.
    But on top of that program management level, what happens 
many times--and it has been the subject of many hearings that 
you have held, for instance, like what happened at the Census 
Bureau--we have a lack of executive accountability. Many times 
when a project gets in trouble, they blame the program manager 
instead of a key executive who should be overseeing that, 
including the CIO. And I think when you look at Vivek's reform 
plan, one of the five major areas is governance. There needs to 
be better governance over these projects from an executive 
point of view. In fact, that is what Vivek is attempting to 
implement through his TechStat sessions.
    So, Senator Brown, to your point, yes, we have held over 50 
meetings, and we have saved $3 billion. But your chart up there 
shows that there are 300 that need attention right now, and if 
we projected that, I mean, there could be $20 billion of 
savings if there is any success like he has had on those first 
50.
    Senator Carper. All right. Anybody else want to take a 
shot? What I want to make sure is that we figure out what the 
problems are, the major problems are, and to make sure through 
executive action and through legislative action that we are 
actually going after the root problems. Mr. McClure.
    Mr. McClure. Yes, I think Dave hit it on the head. It is 
governance and program management, but those have been the same 
problems that we have been pointing to for the last two or 
three decades in Federal IT.
    I think what this Administration is doing is trying to 
focus program management and governance on transparency. You 
have to get this stuff out in the open in terms of the status 
of projects. It cannot be buried in an agency. It has to be a 
fact-based assessment, not an emotional appeal. And it has to 
be near real time. We cannot do this reporting months after 
something has already occurred.
    And, finally--and I think Vivek is doing this with 
TechStat--these things have to be focused on problem solving, 
not reporting. We can report, but we still miss what do we do 
to fix it. So I think we have to change the agenda to problem 
solving.
    Senator Carper. Good. That is a good point.
    Mr. Kundra, before I yield back to Mr. Brown, Senator 
Brown, go ahead.
    Mr. Kundra. Chairman Carper, I still recall my very first 
meeting with you when I started, and one of the things you 
pointed out----
    Senator Carper. Was it that bad?
    Mr. Kundra. It was great. You actually highlighted the need 
for reforms, and one of the things I did after I met with you 
is studied history, went back to 40 years of challenges in 
Federal IT management. And I do not think contractors wake up 
every morning and say, ``Hey, how are we going to make sure we 
mess up Federal IT this morning?'' And I do not think 
government employees wake up every day and say, ``How are we 
going to go out there and make sure these projects fail?''
    Part of what we saw was that the efforts over the last 40 
years, a lot of it was very much around policy, and there has 
been great policy historically in place. But the challenge was 
a lack of a focus on execution. And the hearings that you have 
had have been tremendously helpful, and the fact that you have 
reached out to agencies to get them to improve the data 
quality, as Dave mentioned, the first thing we wanted to do is 
just shine light. And what we did when we launched the IT 
Dashboard is we actually put up a picture of every CIO right 
next to the project they were responsible for.
    Senator Carper. No kidding.
    Mr. Kundra. With how they were doing in costs----
    Senator Carper. I always joke about when you look up in the 
dictionary, you look up a particular word, you have somebody's 
picture.
    Mr. Kundra. Absolutely. And I was Public Enemy No. 1 for a 
couple of weeks, but I think very quickly we realized by 
shining light all of a sudden we were exposing some of the 
major issues around IT projects.
    And in the 25-point plan, we highlight some of the 
challenges and areas that we need to focus, but I would point 
to one significant area where I think improving or moving the 
ball from would make a tremendous difference, which is around 
program management, as both David Powner and David McClure have 
mentioned. If you think about multi-million-and multi-billion-
dollar IT projects and government officials that are charged 
with managing them, and if you compare that to other industries 
such as aviation, medicine, and firefighting, you do not set 
foot on a 777 unless you have gone through a simulator and 
hundreds if not thousands of hours of training. You do not get 
to operate on your first patient unless you have gone through 
medical school, a residency program with attendings. Or if you 
are a firefighter, you actually practice fire drills on actual 
fires before you go out there and put out your first fire.
    We have not done that historically when it comes to program 
management, and I think that is a key area of our reform 
agenda.
    Senator Carper. Great. Thank you. Senator Brown.
    Senator Brown. Thank you.
    So, Mr. Powner, just touching base, Mr. Kundra says $3 
billion in estimated saving, and GAO says $3 billion in 
estimated cost overruns. So does that mean we are basically at 
square one or are we actually realizing real savings that we 
can actually put back into the Treasury and use in other areas?
    Mr. Powner. Well, I think it is probably a mixed bag, as 
Mr. Kundra mentioned. I think when we eliminated some of those 
projects--there were four that were terminated--I think those 
are real savings. The restructuring, that is a little uncertain 
about how much real savings there are there. But, again, it 
probably--the use of that money moving forward is--we are 
familiar with some of those projects that are restructured, 
like the National Archives project. That is a good move.
    So a couple points here, though, in terms of savings. If we 
are really after savings, I think looking at those troubled 
projects is one way to go. There is probably another way if you 
look at--I am going to shift gears just real quickly here, 
Senator Brown. When you look at the Dashboard--and we are doing 
this work for this Subcommittee right now. You could look at 
duplicative spending associated with that Dashboard, so there 
are over 5,000 systems that we are investing in. I can tell you 
right now that there are over--in Fiscal Year 2011 we are 
funding over 550 financial management systems at $3 billion. So 
the question is: Does the Federal Government need over 550 
financial management systems?
    And I can go right down the line. I could tell you----
    Senator Brown. I think you know that answer.
    Mr. Powner. Right. And I can give you example after 
example. So not only do we need to improve the performance of 
what we are spending money on, but there is potential for 
duplication when you start looking within and across agencies. 
There are 600 H.R. systems in the Federal Government that we 
are funding. The Fiscal Year 2011 funding is $2.5 billion on--
--
    Senator Brown. That is out of control.
    Mr. Powner [continuing]. On 600 H.R. systems. Those are the 
things that really need further investigation.
    Senator Brown. So noted. Mr. Chairman, that is your next 
hearing.
    Senator Carper. Our next hearing. [Laughter.]
    Senator Brown. Thank you.
    How will GAO be tracking the performance of these 
initiatives going forward?
    Mr. Powner. Well, in terms of--a couple things. Looking at 
the performance of these projects, we continue to do work on an 
every-six-month basis, we report on the Dashboard, how those 
numbers are changing, and the accuracy and reliability of what 
is being reported. And then on those duplication numbers, we 
are doing work for the Subcommittee where we will be laying 
out, by functional area, how many investments there are and 
what the total dollars are. And it will raise questions about 
what is being done to manage that more effectively.
    Senator Brown. So you can certainly make recommendations, 
but you do not have any teeth at all to really drop a hammer 
down and say, hey, listen, you have to stop this. You are 
making the recommendations to us, and then we are going to take 
it up the food chain. Is that a fair statement?
    Mr. Powner. Yes, clearly, most of our recommendations go to 
departments and agencies, and right now Mr. Kundra and I work 
very closely together on some of these governmentwide issues, 
and I will say that there is a lot going on in his shop right 
now. But clearly your oversight hearings help with action on 
those items.
    Senator Brown. And I know, obviously, with any type of 
projects, it takes leadership. And, Mr. Kundra, what is your 
plan? Do you plan on staying on as the Federal CIO until the 
plan is seen through?
    Mr. Kundra. Well, we are focused on executing the plan, 
obviously, and I am committed to making sure we are executing. 
As a matter of fact, at the end of this month we are going to 
be celebrating the accomplishments at each of the agencies 
where they have delivered. But what is important here is I can 
stay on as long as it is necessary, but what is really, really 
important in my mind is that this plan, the way we have 
engineered it, it is not dependent on any single individual. 
Because at the end of the day, as you correctly point out, 
those 300-plus investments, every CIO in every major department 
needs to be as focused on execution as we are within the White 
House.
    Senator Brown. And when you are looking--I know the IT 
Investment Management Act that Senators Carper, Collins, 
Lieberman, and I are introducing today takes some steps to 
codify some of your office's successful initiatives, such as 
the IT Dashboard and TechStat sessions. What else can we do, 
any other suggestions, to ensure the success of this plan 
moving forward?
    Mr. Kundra. I think, Senator, one of the areas that will be 
really, really helpful, as Dave points out, some of the 
duplication, is how we look at funding across the Federal 
Government. And what I mean by that is the way Congress 
appropriates funding is bureau by bureau, department by 
department. I see a huge opportunity here in terms of being 
able to look horizontally across the Federal Government, and 
whether it comes to the 2,000-plus data centers or hundreds of 
whether it is financial systems or H.R. systems, and to take a 
step back and fundamentally rethinking how we are funding IT 
across the Federal Government. And second would be to actually 
empower departmental CIOs by consolidating at least commodity 
IT. And when I say commodity IT, what I mean by that is these 
financial systems, H.R. systems, e-mail, data centers, 
desktops, putting that authority under the departmental CIO, I 
think we will see huge results. And we have case studies such 
as the Veterans Administration (VA) where we are beginning to 
see a much better outcome in terms of the commodity assets.
    Senator Brown. How do you maintain a robust security of the 
Federal computer networks when you are moving to the cloud 
system? How do you make sure that we maintain that high level 
of security?
    Mr. Kundra. Part of what we are doing actually is looking 
at how we contract when we begin to move a lot of these systems 
over to the cloud. And what I mean by that is already today, if 
you look at 4,700-plus systems, they are outsourced. And we 
specifically specified in terms of contracting language how the 
systems are managed and what the security requirements are.
    Second, one of the things we are doing with cloud computing 
is we are trying to make sure that we get real-time data feeds 
on the security posture of these providers so that the 
Department of Homeland Security and Chief Information Security 
Officers can analyze the data and make sure that we are very 
aware of what is going on as far as the security posture of 
those systems are concerned.
    And, third, we are making sure that we come up with a 
common set of controls, which is going to be the floor, the 
minimum set of controls that are technical in nature, that we 
can constantly monitor to make sure that if we are being 
attacked in any way or if those systems are being compromised, 
that we have that information on a real-time basis.
    Senator Brown. Mr. McClure, you have been kind of shy 
today, so I figured I would ask you a question. [Laughter.]
    GSA has taken a lead role in the Cloud First rollout. How 
is GSA assisting agencies in this effort?
    Mr. McClure. Well, through a couple of mechanisms. One, as 
I think Vivek pointed out, we are putting in contractual 
arrangements through our Blanket Purchase Agreements (BPAs) on 
things like infrastructure as a service and e-mail that are 
cloud based. It allows really the agencies to purchase or 
provision these services in a very cost competitive way and 
much quicker than going through a full and open competition 
process. So we have done all the vetting. We have looked at the 
vendors. We have qualified them as being competent in space. We 
have done the security reviews. The agencies can purchase what 
they need from a mission perspective.
    The second thing, I think, that we do is actually put 
together the FedRAMP program that Vivek is referring to, 
working across government, not just GSA, but we are trying to 
put a simpler, more effective, more complete security review 
for the government that is consistent across government and 
then leverage that once it is done rather than repeating them 
over and over and over again.
    So I think that will tremendously increase the speed by 
which we can get some of the technology solutions in place.
    Senator Brown. Mr. Powner, one final. What are the biggest 
security risks moving forward toward cloud-based IT services?
    Mr. Powner. Well, clearly, security is a great concern. I 
would add that, like any project moving forward, you need to 
define your security. One option, moving to the cloud, if a 
commercial cloud is not adequate, there are private clouds you 
could move toward also with greater security.
    Senator Brown. Thank you Mr. Chairman.
    Senator Carper. Good questions.
    Maybe a question for Mr. McClure and for Mr. Kundra. The 
President's plan contains, I believe, 25 action items, and 14 
of them are set to be completed within, I believe, 6 months of 
the plan's issuance. There are about 2 months left on the first 
crucial timeline that has been set.
    I guess my first question to both of you would be: Do you 
think we are on schedule for those 14 items? And if not, which 
ones do you think we will not accomplish and why?
    Mr. Kundra. Sure, as I think with 124 days behind us and I 
believe about 58 days to go, part of what we are really focused 
on is three areas:
    One, in terms of making sure we are working with Congress 
on the budget flexibilities, I think that is an area given that 
Congress has been very focused on the 2011 budget and now the 
2012, we have not made as much progress as I would have liked 
on moving forward in that direction.
    The second area that we are very, very focused on right now 
is actually on the program manager path, the career track. I 
think we are in good shape there. We are very focused in terms 
of shutting down the 800 data centers. We have already 
identified over 100 data centers that agencies have zeroed in 
on that could be shut down this calendar year. We are making a 
lot of good progress on----
    Senator Carper. What do you do? Do you ask the agencies to 
help identify them? Is that the way it is working?
    Mr. Kundra. So we have actually put together a Data Center 
Consolidation Task Force, and that task force is zeroing in on 
each of the departments, and we are looking for opportunities 
to consolidate, not just within departments but across the 
Federal Government. And so those are the data centers that we 
want to shut down, but we want to move forward very, very 
aggressively to make sure that assets that are not being 
utilized, there is no need to waste taxpayer money on them.
    Senator Carper. As the Postal Service struggles with trying 
to figure out how to be vibrant and play a critical role in the 
21st century, they are looking to close down not just post 
offices but also distribution centers. And there is a pushback. 
Are you getting pushback on these efforts to close the data 
centers? Or is it pretty much a fait accompli?
    Mr. Kundra. I think once we release the locations and the 
names, I am sure there is going to be a lot of robust 
discussion back and forth.
    Senator Carper. OK.
    Mr. Kundra. But I definitely expect that we will be before 
this Subcommittee talking about this.
    Senator Carper. All right. Good enough.
    Mr. McClure, any thoughts on that question?
    Mr. McClure. Yes, I think some of the things that I 
discussed in the statement today are helping the Cloud First 
strategy. The infrastructure as a service offering, the cloud 
e-mail offering, the ability for agencies to get software in 
the cloud off of our apps.gov Web site--these are all helping 
the agencies meet, I think, the Cloud First deadlines that the 
Administration has set.
    We also are helping create a pre-RFP collaboration platform 
so that industry and government can actually talk about 
solutions before we enter into the laborious contracting and 
procurement process. I think that will be very helpful.
    The final area I think we are helping is in data 
consolidation in that we do a lot of the leg work for Vivek and 
collecting a lot of the information. And we can step back with 
Vivek and look, similar to what Dave is doing, on where we see 
real opportunities for cloud and consolidation across 
government, not just within a single agency but across 
government, and that is really where I think a lot of progress 
can be made as well.
    Senator Carper. OK. I think you have spoken to this. I am 
going to drill down on it just a little bit more. Each agency 
is supposed to identify three must-move systems to the cloud 
within the first 3 months of 2011, and let me just ask again. 
Have all the agencies met this goal? I think you may have 
responded, but have all the agencies met this goal?
    Mr. Kundra. Yes, they have submitted--I think we have about 
75 systems that have been identified that will move to the 
cloud, and part of what agencies are doing right now is making 
sure that they are looking at their security requirements, 
procurement strategies, to actually begin migrating over to the 
cloud.
    Senator Carper. All right. Thank you.
    Again, another question for Mr. Kundra and Mr. McClure. I 
am sure you are both aware of news over the past couple of days 
concerning Google's claim that their Apps for government cloud 
product received Federal Information Security Management Act 
(FISMA) certification and accreditation from GSA. According to 
press reports, the Department of Justice (DOJ) notified Google 
in December 2010 that its Apps for government was, in fact, not 
FISMA compliant. To help provide some greater clarity on this 
issue, I would just like to ask both of you, if you would, to 
comment on the recent reports and discuss how OMB and GSA are 
addressing the concerns that are raised by them.
    Mr. McClure. Sure, I would be glad to bring some clarity to 
it. In July 2010, GSA did a FISMA security accreditation for 
Google Apps Premier. That is what the Google product was 
called, and it passed our FISMA accreditation process. We 
actually did that so that other agencies could use the Google 
product, and we do one accreditation, and it is leveraged, 
again, across many agencies.
    Since that time, Google has introduced what they are 
calling Google Apps for government. It is a subset of Google 
Apps Premier. And as soon as we found out about that, as with 
all the other agencies, we have--what you would normally do 
when a product changes, you have to recertify it. So that is 
what we are doing right now. We are actually going through a 
recertification based upon those changes that Google has 
announced with the Apps for government product offering.
    Senator Carper. Mr. Kundra, any comment, please?
    Mr. Kundra. Well, from an OMB perspective, we do not 
actually get involved in individual procurements. We are more 
focused on the broader policy around this shift to cloud 
computing.
    Senator Carper. All right. I appreciate what you both have 
said here today, but given the potentially serious nature of 
the news, I have asked my staff to followup with your offices 
today on this issue so we can try just to get to the bottom of 
it. And I would also like--I am going to ask that you respond 
to any questions for the record that the Members of the 
Subcommittee may have on this same issue.
    Another one for Mr. Kundra and Mr. McClure and then I will 
close it with a short question for Mr. Powner.
    Today the continuing resolution (CR) introduced in the 
House, H.R. 1473, gives, I believe, $8 million to the 
Electronic Government Fund. This fund, which is often referred 
to as the E-Government Fund around here, pays to operate the IT 
Dashboard, USAspending.gov, among other things. And I 
understand that your original request was for around $34 
million.
    Given this steep cut, will the E-Gov Fund continue to 
operate as it has in the past? Or can we expect some of these 
Web sites to go dark?
    Mr. Kundra. Well, I think given the original request versus 
where we are right now, we are still evaluating the 
implications, but we are going to have to make some tough 
decisions around which systems are going to have to go offline 
versus what can be supported with the $8 million fund. Since 
this is very recent news, we have not had a chance to actually 
sit down and prioritize systems.
    Senator Carper. All right. Senator Brown has already asked 
a question about what further can we do to be helpful, 
supportive, and constructive, and I am going to come back to 
that and ask you what will be really the last question I ask of 
you. But before I ask that--and you have given us some thoughts 
already, but I want to just ask you to reinforce and re-
emphasize some of your points.
    In each of your minds, what are the metrics for success for 
the President's plan? What are the leading indicators that the 
Congress and the American people can look to in, say the next 
14 or so months to tell us if we are successful or not? Mr. 
Powner, do you want to go with that first?
    Mr. Powner. In terms of the IT reform plan, I would say 
getting more of those projects into the green would be one 
large area, and also in the data center arena, the goal to 
reduce 800 data centers by 2015, that in the next year or 18 
months, to Mr. Kundra's point that we are making progress on 
that, that is a stretch goal, but the stretch goals are very 
good.
    Senator Carper. Good. All right. Mr. McClure.
    Mr. McClure. Well, I think the IT reform plan covers so 
many different things that there are a lot of different ways to 
look at the measurement of its success. For example, we know we 
need to, as Dave has mentioned, and Vivek, that we need to 
improve program management in the government. That is not 
something you solve overnight. So some of these will have 
longer-term success measures than others. But I think the real 
things for us to focus on and we are focused on is looking at 
real cost savings, No. 1. No. 2, making sure as Vivek goes 
through the TechStat that poorly performing projects cease or 
at least they are repaired or fixed before they proceed. And 
then, last, I think the measures for IT that are really golden 
are whether it is improving the business, the operations of 
government.
    So we really ought to be looking at the operational metrics 
of government and the service delivery of our programs. That is 
what IT is supposed to be helping do.
    Senator Carper. All right. Good. Mr. Kundra.
    Mr. Kundra. I would say three quick things.
    No. 1 would be to improve the yield on the $24-plus billion 
we spent on infrastructure, whether that is through shutting 
down the 800 data centers or shifting to cloud.
    Second would be to make sure that the money we are spending 
on large-scale IT projects that we actually terminate, turn 
around, or halt poorly performing projects that could yield 
billions in savings.
    And third, I think creating an ecosystem where we introduce 
Darwinian pressure as far as startup companies and innovative 
technology companies that can come and compete for Federal 
business.
    Senator Carper. All right. Thanks.
    Senator Brown, while you were out of the room, I told the 
panel that the last question I had for them is really one that 
you have already asked, but it is a real good question, and I 
just want to come back to it again. It is one I often ask 
panels in discussions of this nature.
    Again, just re-emphasize for us, underline for us the 
things that we need to continue doing on our side as one of the 
three branches of government to get to, in this arena, better 
results for less money. Mr. Powner.
    Mr. Powner. Well, a couple points here. Mr. Chairman, we 
have been at this for many years, but right now we have the 
best transparency we have ever had with the IT Dashboard. So I 
think your bill that would codify some type of--where that 
transparency continues, that is clearly needed. And also, each 
year that we are up here, we are always talking about hundreds 
of projects totaling near $20, sometimes $25 billion at risk--
that has not changed over the years. We now have probably the 
best reform plan we have ever had, so in terms of the best 
transparency and the best plan, now is the time to execute to 
those plans. So I think your oversight hearings focused on 
those areas, along with your legislation, is very helpful.
    Senator Carper. All right. Thank you. Mr. McClure.
    Mr. McClure. I would agree totally. I think the role of the 
Committee in shining transparency on exactly what is happening 
in the government is a change lever that the Congress needs to 
utilize as much as it possibly can.
    Second, I think the budget process is a difficult one in 
the technology area because we assume that technology projects 
magically begin and end within a budget cycle, and many can but 
not all do. And yet we restart or recalibrate the discussion 
through the budget process. So aligning some of the budget 
needs with the technology cycles I think is something that the 
Congress should look at as well.
    Senator Carper. All right. Thank you. Mr. Kundra.
    Mr. Kundra. I think, Mr. Chairman, you are commended to 
really bringing a focus on Federal IT, which is not necessarily 
the sexiest subject in government. So I really appreciate the 
focus that you have brought over the many years.
    The areas that I think would be really, really helpful, I 
think the bill that you focused on and what I have seen working 
with your teams, seems to be transformational.
    Second would be the focus on the budget authorities; 
especially consolidating commodity IT under departmental CIOs 
would be extremely helpful in moving this conversation forward.
    Senator Carper. Great. All right. That is very helpful. 
Thank you.
    Senator Brown, any last questions before we excuse this 
panel? All right. Gentlemen, thank you so much for joining us 
today and for the good work that is going on, and let us just 
not relent. Let us keep it going. Thanks so much.
    All right. Panel No. 2. I like to say we were saving the 
best for last, but those first guys were pretty good. We will 
see.
    The first witness on our second panel is Steve O'Keeffe, 
Founder of MeriTalk Online, a Government IT network that 
focuses on driving the Government IT dialog. A 20-year veteran 
of the Government IT community, Mr. O'Keeffe has worked in both 
government and industry. In addition to MeriTalk, Mr. O'Keeffe 
has founded Telework Exchange, GovMark Council, and O'Keeffe & 
Company. Nice to see you. Welcome.
    Rishi Sood--is that correct?
    Mr. Sood. Yes.
    Senator Carper. Has your name ever been mispronounced?
    Mr. Sood. Every day.
    Senator Carper. OK. All right. Hopefully not here. Mr. Sood 
is Vice President of Gartner Incorporated, a major information 
technology research and advisory company. Mr. Sood has spent 
the past 17 years at Gartner, but his recent focus has been 
dedicated to cloud computing and cybersecurity policy in 
government.
    Our final witness is Mr. Al Grasso, President and Chief 
Executive Officer of MITRE Corporation. Nice to see you. MITRE 
Corporation is a leading not-for-profit organization which 
provides high-level analysis and information related to 
information technology and modernization.
    We welcome you all. Thank you for your preparation and your 
willingness to spend this time with us, and we look forward to 
hearing your testimonies. Again, your entire statements will be 
made part of the record. If you would like to summarize, that 
would be just fine.
    I am told we are going to have a vote at noon, high noon, 
so that will give us an opportunity to complete each of your 
testimonies, and then what I will probably do is just run--if 
we only have one vote, I am just going to go to recess for a 
few minutes, run and vote, and then come back and we will ask a 
few questions.
    Mr. O'Keeffe, would you like to lead us off? Thank you.

    STATEMENT OF STEPHEN W.T. O'KEEFFE,\1\ FOUNDER, MERITALK

    Mr. O'Keeffe. Thank you, Senator Carper.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. O'Keeffe appears in the appendix 
on page 80.
---------------------------------------------------------------------------
    Senator Carper. What did you say?
    Mr. O'Keeffe. Thank you.
    Senator Carper. I am just kidding. [Laughter.]
    You were not born in Mississippi, were you?
    Mr. O'Keeffe. No, I was not born in Mississippi. Just next 
to it.
    Thank you for the opportunity to testify here today. It is 
great to be back. My name is Steve O'Keeffe, and I am the 
Founder of MeriTalk, the online Government IT community. We are 
here today to talk about OMB's 25-point plan to fix Federal IT, 
and I would like to start with a quick comment about cloud 
computing, which is central to OMB's plan.
    As you mentioned, this is not Mick Jagger's cloud that we 
are supposed to get off. In fact, many Federal agencies have 
already jumped on the cloud. This is not pie in the sky, if you 
will pardon the puns. Cloud----
    Senator Carper. That is pretty good. I think you are on a 
roll here.
    Mr. O'Keeffe. Here we go. Cloud----
    Senator Carper. You are going to be a tough act to follow. 
I hope you guys are taking notes.
    Mr. O'Keeffe. I will be here all day.
    So cloud is delivering very real savings and enhancing 
agility at Federal agencies like National Aeronautics and Space 
Administration (NASA), Jet Propulsion Laboratory (JPL), 
Department of Health and Human Services (HHS), and the 
Securities and Exchange Commission (SEC). This is not 
experimental stuff. These are very real savings.
    So maybe to kick off, why should we modernize Government 
IT? The Federal Government currently spends north of $80 
billion, with a ``B,'' on IT. That is a lot of jingle--33 
percent more than the gross state product of Delaware, 
incidentally.
    Despite talk about doing more with less, these numbers 
continue to grow. I have been in the Government IT community 
for over 20 years, and every year the budget seems to go up.
    Agencies are spending nearly half their IT budgets, some 
$35.7 billion, supporting legacy technologies in need of 
modernization. And so to the 25-point plan. Like many others, 
my first review of OMB's 25-point plan ended in confusion. 
Twenty-five points. Really? When I was a small boy in school, I 
had profound challenges remembering the Ten Commandments, and, 
of course, there were only 10 of those.
    As we did last year for the Committee's open government 
hearing, MeriTalk launched a survey of the Federal IT community 
to get government and industry perspectives on the 25-point 
plan. We asked respondents to rate each point of the plan based 
on whether it was, one, desirable and, two, doable. And taking 
a leaf out of Ross Perot's book--for those people who remember 
the election--we have charts again, and I think those are in 
front of you, Senator Carper.
    The net up-front is that the community feels that all 
points are desirable, but there are some serious questions 
about executability. Interestingly, government employees are 
less optimistic about doability than their industry 
counterparts.
    We asked the community to rate each point in the 25-point 
plan, and as you can see from the All Respondents chart, the 
scattergram, the community does not place equal value on all 
points. Interestingly, the evolutionary, nurturing and easy-to-
understand points score best--Katie doing Vanna White here--
with Point 7, design a formal IT program management career 
path, topping the charts.
    The most revolutionary initiative rated lowest. See Point 
3, Cloud First.
    Other disruptive initiatives did not fare that well either: 
Point 1, data center consolidation, hit roughly in the middle 
of the pack. And Point 2, enabling a governmentwide marketplace 
for data center availability scored poorly as well.
    Now, let us look at civil versus defense. As you can see in 
the charts, civil and defense respondents march very much in 
lockstep. Point 7, design a formal IT program management career 
path, and Point 10, launching a best practices collaboration 
platform, top the charts. Interestingly, civilian agencies are 
more focused on Point 16, reducing barriers to small innovative 
technology companies, a point that Vivek hit pretty hard, I 
think. Due to their dynamic mission, defense agencies have 
embraced this approach long ago. DOD demonstrates a greater 
appetite for shared services as well as optimism for 
executability.
    Now to government versus industry. Interestingly, with the 
exception of government being less optimistic about the ability 
to deliver, government and industry are almost precisely on the 
same page. The exceptions include that industry prioritizes 
Point 8, requirement to scale IT program management career 
path, as well as Point 15, requirements to issue guidance and 
templates to support modular development. It is no great 
surprise that these points are important to contractors that 
are interested in getting it done.
    Closing out the survey, we asked what one thing would 
respondents recommend that the government do to improve Federal 
IT. Both government and industry suggested that we attach 
accountability to objectives. Other hot recommendations: allow 
CIOs to retain funds they save, eliminate unfunded mandates, 
and reduce the number of objectives. Clearly, less is more.
    The net take-away from the study: To increase the impact of 
efforts to fix Federal IT, we need to simplify the message and 
focus on the three C's--consolidate, connect, and calibrate.
    Consolidate: Less is more.
    Connect: The Federal Government's senior IT professionals 
are not equipped for nor experienced at driving change. We need 
to communicate the why, how, and what it means for your career 
in order to successfully operationalize desired change.
    Calibrate: We need to set goals that we really can and mean 
to measure, and we need to follow through on measurement and 
hold executives accountable. We need to recognize that the 
changes on the table are not easy. We should set realistic 
timelines, and we need to establish venues and tools to support 
Federal IT professionals as they move through the profound 
changes.
    If the definition of insanity is doing the same thing and 
expecting a different outcome, then Mr. Vivek Kundra deserves 
high praise for introducing much-needed new thinking into 
Federal IT. Federal IT professionals estimate that data center 
consolidation and cloud can drive upwards of $14 billion, again 
with a ``B,'' in efficiency savings.
    Mr. Kundra is asking for $25 million to fund the Federal IT 
fixes. The return on investment on this $25 million is hundreds 
of dollars for pennies invested. The point here is not that we 
should focus on the easiest or most popular initiatives. OMB 
needs to prioritize and focus hardest on the programs that 
offer the highest return on investment. That means cloud and 
data center consolidation. We need to listen to feedback from 
the community, set a clear vision, and build an operational 
framework to realize the changes that we seek.
    Thank you for the opportunity to testify.
    Senator Carper. We thank you. Thank you very much.
    Mr. Sood, please proceed.

STATEMENT OF RISHI SOOD,\1\ VICE PRESIDENT, GOVERNMENT VERTICAL 
               INDUSTRIES, GARTNER, INCORPORATED

    Mr. Sood. Chairman Carper and distinguished members of the 
Subcommittee, thank you for the opportunity to speak to you 
today. My name is Rishi Sood, and I am Vice President of 
government research at Gartner. Gartner is the world's leading 
information technology advisory and research firm and is a 
valuable partner to 60,000 clients and 11,000 distinct 
organizations, including the Federal Government.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr Sood appears in the appendix on 
page 93.
---------------------------------------------------------------------------
    In examining the President's plan, I would like to focus on 
the growth in Federal IT spending, the elements of the plan 
that will have an immediate impact, and reform issues that will 
be important over the long term.
    To begin with, Federal IT spending has exploded over the 
past decade. According to my research at Gartner, traditional 
IT spending by Federal Government organizations was 
approximately $32.2 billion in 2001. This year it will reach 
$80.1 billion. This is an increase of over 248 percent over the 
past 10 years.
    While much of this IT expansion is justified by growing 
Federal operations, insufficient analysis has been given to the 
cost effectiveness of IT spending. Additionally, some of the 
spending increases have not been effectively coordinated, 
resulting in some cases in technology sprawl across the Federal 
Government.
    Given this dramatic rise in Federal IT spending, there are 
a number of questions that need to be addressed. What is the 
value and cost effectiveness of IT spending? To what extent is 
accountability adequately built into the IT spending? And what 
steps should be taken to invest the right amount in the right 
applications while avoiding costly mistakes?
    While these questions are always important, they are even 
more important in light of the current budget battles and 
fiscal constraints that will affect Federal IT spending. Not 
only will Federal agencies face slower growth in IT spending 
over the next decade, but there also may be cutbacks to current 
levels of IT spending. Urgent action is needed to improve IT 
spending because reforms will take time to show results.
    In the end, however, the value of IT comes from the impact 
of technology on government operations, increased productivity, 
lower cost of service delivery, and increased customer service. 
To succeed in these times, government must harvest the upside 
potential of IT while limiting the downside risk of 
implementation failures.
    Let us discuss some of the parts of the reform that will 
have an immediate impact.
    President Obama's 25-point reform plan is a strong path 
forward to align the needs of Federal Government organizations 
with budget realities. The reform creates guardrails needed to 
guide technology operations while continuing to promote 
innovation and accountable technology use. In many respects, 
the reform plan lays the initial foundation needed to answer 
the questions raised earlier: value, accountability, 
application size, and mix.
    Several of the areas of the reform plan will likely be most 
important for Federal technology management practices. These 
include:
    No. 1, the focus on an empowered CIO position. Empowered 
CIOs are needed to set enterprise goals, push standardization 
through the organization, and drive more efficient technology 
use. By strengthening the CIO position, there will be greater 
accountability for achieving targeted agency goals.
    No. 2, move to a data center consolidation plan. The 
increase in data centers across the Federal Government has been 
dramatic. The task now is to consolidate these data centers to 
drive down costs and increase efficiency. Harvesting economies 
of scale is critical for the effective allocation of 
information technology investments.
    And, No. 3, the focus on shared services. The move to 
shared services provides an important means for Federal 
agencies to maximize the value of technology, create a 
services-led approach to technology delivery, and build more 
efficient IT services across the government enterprise.
    Now let us look at some of the longer-term reform issues in 
front of us. The President's reform plan includes other 
strategically important goals that will likely require a longer 
time horizon to implement. These include additional investments 
in government personnel. The Federal Government will need to 
invest in Federal contract officers, acquisition officers, and 
program managers to drive and execute real change in 
procurement, acquisition, and management of technology 
projects.
    No. 2, technology vendor outreach, partnerships, and buy-
in. An effective technology and service provider community is 
an essential part of Federal success with IT. As larger reforms 
take root, it will be vital for the Federal Government to 
increase its outreach to the vendor community, continue to work 
in partnership approach with this community, and to secure a 
strong buy-in for the changes ahead.
    And then, No. 3, an agile approach to IT. One of the most 
difficult yet important aspects of the reform plan involves 
building a modular approach to technology investments. This 
will span multiple parts of the technology life cycle and will 
likely require more effective and detailed use of newer 
methodologies, like EVM and PPM, to support these goals.
    In addition to the issues described above, it will be 
important for Federal officials to recognize the following:
    No. 1, timing. The reform plan includes goals for 6-, 12-, 
and 18-month time periods. While these goals are laudable, they 
may be overly ambitious. The Federal Government is an enormous 
enterprise, and it is difficult to achieve significant 
structural changes in a short time horizon.
    No. 2, assisting agencies through the change. While some 
agencies have embraced the changes proposed, other agencies may 
be more resistant to change. As the reform plan moves forward, 
proper incentives and disincentives will be critical in moving 
agencies in a cohesive fashion.
    And then, No. 3, technology as a silver bullet. In the end, 
it must be recognized that information technology represents 
the best mechanism to improve government efficiency and lower 
the cost of service delivery. Consequently, IT must remain an 
important area of continued aggressive investment. The critical 
issue now is to protect and incentivize the IT reforms noted 
here so that Federal IT will maximize results while minimizing 
mistakes.
    Thank you for your time, and I look forward to your 
questions.
    Senator Carper. Thanks. That was great testimony. Thank you 
so much.
    Mr. Grasso, welcome. Very nice to see you.

 STATEMENT OF ALFRED GRASSO,\1\ PRESIDENT AND CHIEF EXECUTIVE 
                 OFFICER, THE MITRE CORPORATION

    Mr. Grasso. Thank you. Chairman Carper, Senator Brown, 
honorable Members of the Subcommittee, thank you for giving me 
the opportunity to appear in front of you today on this very 
important topic.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Grasso appears in the appendix on 
page 98.
---------------------------------------------------------------------------
    As you mentioned, my name is Alfred Grasso. I am President 
and CEO of the MITRE Corporation. Our company's 50-plus years 
of experience, contributions, and accomplishments have given us 
a perspective that I believe is highly relevant to the topic of 
information technology planning and management.
    Information technology-intensive programs operate in an 
environment of rapid technology evolution where new generations 
of technology are introduced in months rather than years. 
Unfortunately, currently the Federal acquisition processes and 
budget cycles are not well matched to these timelines. OMB's 
25-point plan is a positive step in the IT reform process.
    As I observe the state of IT management in the Federal 
Government, I am struck by the amount of attention paid to the 
failures versus time analyzing the successes for critically 
important lessons. There is a strong tendency to impose new 
policies, processes, and reporting requirements in an effort to 
avoid future failure. These requirements introduce a burden 
that reduces agility, imposes costs, and delays the delivery of 
capability.
    In an interesting study conducted at the Defense 
Acquisition University, students determine that a ``null 
program''--that is, a program that delivers absolutely nothing 
but satisfies mandatory reporting and process requirements--
takes about 3 years to complete under the current rules. A 
system that requires 3 years to deliver nothing is clearly 
fundamentally flawed.
    The 25-Point Implementation Plan to Reform Federal 
Information Technology Management is based on practices that 
work. We applaud OMB, Mr. Kundra, and the Federal CIO Council's 
leadership on this topic. However, experience leads us to 
observe that additional steps can be taken both to enable 
successful implementation of the plan and to expand on some of 
the important goals defined in it. With that in mind, enduring 
change will require the following:
    First, establish IT governance that includes authorities 
and flexibilities where they best contribute to the success or 
failure of these programs, without losing transparency into how 
these portfolios are performing.
    Second, build and empower PMOs by incentivizing and 
professionalizing key management and technical roles to 
motivate people to adopt these roles as careers, not simply 
jobs.
    Third, define and build IT capabilities that are both 
secure and resilient.
    The first step is to establish a governance model that 
combines a comprehensive portfolio management and budgeting 
approach with close coupling to the end user. The goal from my 
experience is to provide the authority for CIOs to manage their 
budgets as a portfolio, with the flexibility to shift resources 
to address changing needs, changing technology, and increasing 
agility.
    Fundamentally, the problem is this: The investment decision 
process occurs 12 to 24 months before the budget is actually 
made available, but the scoping, planning, and foundational 
technical work necessary to make a sound investment decision 
cannot be taken that far in advance and without some limited 
budget authorization. The 25-point plan proposes to work with 
Congress to realign this process, and we agree that is an 
important thing to do.
    I strongly encourage Congress to take the necessary steps 
to realign the budgeting model and allow CIOs and portfolio 
managers to exercise the strategic decisionmaking that their 
peers in the private sector have had for years.
    In addition, the plan raises the need to align the delivery 
and technology cycles through incremental delivery. Again, I 
agree. However, it is critical that the increments be defined 
by sound, up-front architecture and systems engineering and the 
timing of increments be linked with the operational tempo. 
Sound systems engineering performed early in a program's life 
cycle has a strong correlation with improved project cost 
estimation and schedule planning. Likewise, alignment with the 
operational tempo ensures that technology drops have clear 
business value and leverage IT infrastructure to support future 
cost-effective delivery of capabilities.
    The second critical step is to establish strong program 
management offices by incentivizing and professionalizing the 
key roles for successful IT program delivery. In my past 
testimony to this Subcommittee, I emphasized the importance of 
maintaining strong technical and management capabilities within 
the PMOs.
    It continues to be my experience that successful programs 
are characterized by a strong government PMO capable of acting 
as a strong technical peer with contractor counterparts on 
systems engineering topics. The individuals assigned to these 
program offices must view their position as a career and not 
simply a job. Incentives play a key role in attracting and 
retaining competent program office personnel. Establishing a 
career progression gives individuals the opportunity to secure 
greater responsibility and pay commensurate with increased 
degrees of proficiency.
    The third area of extreme importance is securing 
information systems and ensuring their resilience. This should 
be a critical aspect of any investment, and it warrants major 
investments in its own right. All too often security is 
regarded as an afterthought, and all too frequently concerns 
about system vulnerabilities are used to justify making less 
transformational investments and adhering closely to the status 
quo.
    It is critical that the architecture and design of IT 
systems address both vulnerabilities and the capabilities 
required to withstand a breach. These factors should be key to 
the evaluation of any IT investment to avoid additional costs 
downstream. This is a topic on which the Federal CIO, the CIO 
Council, and the Congress can provide more leadership. They 
should send a clear message that government information 
technology investments must not only be aligned with business 
needs, deployed incrementally and managed properly within 
budget and schedule, but also must be architected, developed, 
and operated with a clear eye on protecting public and private 
data and continuing the critical services government performs 
for the public.
    Achieving the results expected of the 25-point plan 
requires a major transformation that spans many aspects of the 
Federal Government's operations. The many elements of the 25-
point plan reflect two sets of related priorities: Adopting new 
technology that enables greater efficiency and establishing an 
enduring foundation of capabilities to plan, manage, and 
execute IT programs more successfully. I believe the latter 
represents both the greatest challenge and the true imperative. 
Without the opportunity, authority, and resources to accomplish 
these goals, the success rate in adopting new technology will 
continue to suffer.
    I am supportive of the direction of the 25-point plan as 
well as other similar action plans developed and being 
implemented across many agencies today. I am encouraged by this 
Subcommittee's clear interest in taking steps to codify methods 
and operating models that we know to be successful and on the 
increased emphasis on develop foundational capabilities that 
will endure beyond contemporary solutions.
    I believe if these steps are taken, the promise of the 25-
point plan can be realized, and the priority it lays out will 
have lasting value.
    I respectfully request that my prepared statement be 
included in the record, and I would be pleased to answer any 
questions.
    Senator Carper. And we will be pleased to make your 
prepared remarks part of the record.
    That was an excellent summary.
    Thank you for your testimony, all of you. It was just 
superb.
    You may have heard that a vote has started, and I am going 
to run and vote, and we will just recess for a little bit. When 
I come back, the first question I will ask you--you can be 
thinking about this. I am going to ask you to reflect on the 
testimony of each of the other two witnesses appearing with you 
and some things that you think that you really agree with or 
maybe you are not sure about. And if there is anything you 
would like to look back to the testimony of our first three 
witnesses, to comment on what you heard there that might be 
appropriate to raise. We will start with that, and we will 
probably go for about, 15, 20 minutes and then adjourn.
    All right. Thanks very much. I will be back in about 10 
minutes. [Recess.]
    I am going to ask that we reconvene. Thank you for your 
patience and for bearing with us, and now let us resume.
    Just before I left, I indicated that my first question was 
going to be to ask you to reflect on what your colleagues here 
at the table have had to say and for each of you just to do 
that, and if you have any reflections on some of the testimony 
and the answers that the first panel provided for us, I would 
welcome either of those.
    Mr. Grasso, would you like to lead us off, please?
    Mr. Grasso. Sure. There were several points that have been 
made throughout the day here today that I think are especially 
valuable, and, in fact, one reflects a question that you asked 
earlier. I think it should be no surprise to anybody that what 
is presented in the 25-point plan is a significant change 
agenda. And when it comes to change, there is indeed quite a 
bit of resistance to change because it imposes on people's 
equities in some cases and threatens others.
    So we look at things like data center consolidation and so 
forth, while we have, I think, admirable objectives, there is 
no doubt in my mind as we progress in this area that there will 
be obstacles in achieving those objectives. But I believe, with 
the proper level of leadership, attention, and perseverance, 
that we could overcome those obstacles.
    What we really do need to do is to ensure that the right 
incentives are in place for everybody so that we are all moving 
in the same direction.
    Senator Carper. Talk a little bit more about that, please?
    Mr. Grasso. All too often there are individual incentives. 
Everybody around the table is incentivized for their own 
personal career growth for a number of reasons. There are 
organizational incentives and there are incentives that are 
given to contractors in supporting the activities.
    So if you look at those three different incentives, today 
many of the individual incentives really are less focused on 
the outcome of the activity, and they are more focused on what 
I would call a career track for an individual.
    If you take a look specifically in the military, the job 
rotation and the assignments a person has been in is more 
important perhaps than staying in an assignment for a long 
enough period to see an outcome fulfilled. So we are finding 
folks rotating more often than should be.
    Inside industry, if you have a successful program manager 
on an important program, rest assured that person will be 
rewarded from a career perspective while on that program and as 
he or she transitions out of that program. It is often not the 
case where someone can get rewarded by staying on the same 
program for a number of years beyond what would be typical for 
that kind of assignment inside of government. So the incentives 
need to be properly aligned to ensure that they are indeed 
pursuing what they believe to be a very strong career track.
    And the last point I would make is the topic of 
accountability. We all need to be accountable for these 
outcomes, and I think it is important to recognize that the 
successful outcome is one for which a number of stakeholders 
are involved. And there needs to be a shared sense of 
accountability, not just the CIO is accountable and he or she 
will succeed. All of the stakeholders need to share that level 
of accountability and need to be incentivized to do so. So I 
think those are some key points that were made.
    One last point that I think Rishi made is the business 
value. We talk about IT sometimes exclusive of the value that 
it delivers to transform the business and to deliver new 
capabilities or perhaps to deliver current capabilities more 
effectively. So we need to ensure that the IT community and the 
mission side are very closely connected to ensure that it is 
delivering the business value that it was intended to deliver.
    Senator Carper. Good. Thank you. Those are very good 
points. Thank you. Mr. Sood.
    Mr. Sood. I think there was really valuable testimony by 
fellow panelist Mr. Grasso here that really focused on sort of 
the governance issues, that focused on really the program 
management and career path issues associated with maintaining 
this course across the Federal Government. I think that is a 
vital aspect of the reform plan, the amount of investment that 
we are putting back into the agencies and the personnel within 
those agencies.
    I also think Mr. O'Keeffe has provided some really valuable 
data straight from governments directly, straight from the 
agencies and the vendor community directly in really 
interesting ways, not just what we should be doing and what is 
appropriate and what they think is appropriate about the reform 
plan, but also what is doable. And that juxtaposition between 
what can be done or should be done and what can be done over a 
short period of time I think is very valuable. It gives you a 
sense, I think, as Chairman of this Committee, really to look 
at the level of resistance that might be focused on some of the 
major reform plan items and the need to really push and lead 
those issues forward.
    I just want to make another comment, though, that was 
specific to the earlier panel, the government panel directly, 
because I think they made a number of points which were talking 
about transparency about this process, about the fact that you 
have been dedicated to holding these hearings and really 
shining a light, if you will, on this process.
    The combination of the IT Dashboard, the combination of the 
TechStat strategies, the combination of the hearings you are 
holding I think truly are making some of those first steps 
toward reforming the entire process and getting the level of 
waste and the level of efficiency out of the IT pantheon. So I 
applaud those efforts.
    Senator Carper. Thanks for saying that. Thank you. Mr. 
O'Keeffe.
    Mr. O'Keeffe. I wish you had told me there was a test 
beforehand. I would have paid more attention.
    Senator Carper. This is a pass/fail course. [Laughter.]
    Mr. O'Keeffe. I think there has been some very valuable 
testimony, and the perspectives of my fellow panelists here 
have been terrific.
    I think that the incentive point that Mr. Grasso makes is 
right on the money. We need to look at why people are going to 
be incented, what we refer to as ``What's in it for me'' 
(WIIFM)?
    There are programs that have been launched at various 
Federal agencies where if you uncover savings opportunity, you 
get to keep 50 percent of that money. And what has the result 
been? No savings opportunities have been uncovered because they 
already have 100 percent of the money, so why would they want 
to identify a program in order to lose half the budget?
    If you look at things like data center consolidation--and 
John Collins has been involved in some of those meetings--we 
are looking at the ability to consolidate data centers in other 
agencies' data centers. Well, we had a data center lead from an 
agency out in Austin, Texas, who said that--he called around to 
agencies in the area in Austin and San Antonio to identify what 
other agencies might have space so he could consolidate into 
them. And what he found was nobody had any space. Why would 
they have space? Because if they allow him to consolidate into 
their data center, they lose that space and effectively they 
lose budget.
    So I think we need to look at some of the fundamental 
incentives. What are the carrots? What are the sticks? And, 
importantly where is the dog bone here? How are agencies like 
GSA eating their own dog food? Which I think is tremendously 
important.
    I think Rishi's perspective in terms of organizations like 
Gartner can provide terrific crossover from what has happened 
in the commercial market so we can identify best practices for 
government, which are critical.
    I also think there were some interesting perspectives 
shared from GAO saying there are 600 H.R. systems in the 
Federal Government, $2.9 billion. Clearly there is an 
opportunity for synergies and shared services.
    There are 4,700 systems currently outsourced. Vivek 
mentioned that. So when we talk about security, clearly there 
are security issues that exist in the current model. In many 
circumstances agencies are using security as a way not to move 
to cloud, and I have participated in testimony myself where we 
talked about the problems with leaky systems as they exist 
today on premise.
    I think some of the numbers about how many agencies have 
moved to cloud first are also very interesting. I would be 
curious to get more transparency into that, and also the 
discussion about the 14 items on the 25-point plan that are up 
in 6 months. I think the question about how far we have moved 
on those is a little unfair inasmuch as we are not sure what 
funding has been attributed to the 25-point plan.
    So I think just overall, as we look at--I am just looking 
up here at the crest above your head: E Pluribus Unum; From 
many, one. And so this notion of what we are trying to do as a 
Federal Government, I think we need to look at it as, how can 
we all work together in order to move the ball forward? And, 
critically, as we look at cloud computing, E Pluribus Unum 
really could be a motto for cloud computing inasmuch as the 
notion of everyone doing their own thing is not going to solve 
the problem. We do absolutely need to bring the resources 
together in order to provide a better, more effective, more 
efficient solution, not just for IT but for America.
    Senator Carper. That is great. Believe it or not, your 
reference to those Latin words behind me is giving me an idea 
for my closing thought. So that is good.
    This is really a question for all three of you, if I could, 
and let me just start with Mr. O'Keeffe. First, we want to 
thank you and your team at MeriTalk for the information you 
were able to provide today regarding the agency officials' 
feelings about the 25-point plan. Very interesting. You find in 
this detail that both government and industry want 
accountability attached to the objectives of the plan, and they 
also suggest CIOs be able to retain funds that they save.
    I want to ask each of you on the panel to discuss these two 
ideas. How do you propose we insert stronger accountability and 
stronger financial incentives into the management of Federal 
IT? And I will ask, Mr. Grasso, for you to lead off, and then I 
will just say I studied as an undergraduate--at Ohio State, I 
studied some economics, my professors would say not nearly 
enough, But I got an MBA at Delaware and studied a little more 
economics. But I have always been fascinated by how do we 
harness market forces to drive good public policy behavior. I 
have always been fascinated with that.
    So, Mr. Grasso, when you said in your remarks--I think you 
talked about aligning the incentives. I look at almost 
everything, almost every issue that comes before us here. How 
do we have the incentives aligned? But would you want to take a 
shot at that? How do you propose that we insert stronger 
accountability and stronger financial incentives into the 
management of Federal IT? You have already commented on this a 
little bit, but you might want to add to it.
    Mr. Grasso. Mr. Chairman, this is obviously a very tough 
topic. If we had the answers, we would probably be employing 
them as we speak today. But from an accountability perspective, 
all too often we measure accountability by activity and not 
necessarily by outcome, partly because activity is measurable 
We could measure that you did something and how well you did 
that something. But did all of those activities lead to the 
outcome that you had desired.
    Senator Carper. I like to say we measure progress--or we 
incentivize progress.
    Mr. Grasso. That is exactly right. So I would say it would 
be a good first step to really develop a set of shared outcomes 
that are defined well enough and not so far into the future 
that it will be several careers before you could achieve those 
outcomes, but outcomes that are indeed measurable, as is in 
this plan, where you have 6-month increments. You are not just 
measuring progress, but there is a very specific, tangible 
outcome which connects the entire community together and would 
be a shared success for the community. So that means that it is 
an outcome that has responsibility of the developer to deliver 
something, the user to accept it and to start using it, and the 
test community to ensure that they have a program that is in 
place in the right time sequence.
    If we become more outcome focused than activity focused, I 
think attention to accountability will increase significantly.
    Senator Carper. Good. Thank you. Mr. Sood.
    Mr. Sood. Yes, just to dovetail on Mr. Grasso's points 
there, I will go back to my written testimony that really 
focused on the business value of IT. I think too often in the 
reform or in the discussions about the reform plan, there has 
been focus on whether Project X or Project Y should be canceled 
or not and what are the cost savings associated with that.
    I think in many respects CIO Kundra made a very important 
point, that when he did the first pass of the at-risk project 
list and took a look at the four that were terminated and the 
11 that were reformed, if you will, the more important side of 
that was the 11 that were reformed because at the end of the 
day the business need is still going to be there for whatever 
the technology initiative initially was there.
    So being able to tie back incentives and being able to tie 
back that process to what is really the impact on the agency's 
specific business process or the outcome that they are trying 
to achieve I think is a fundamental part of how we look at 
reform. It is not simply about taking the 2,000 data centers 
and moving them down to a manageable 1,000 or what have you. It 
is really about how efficient those data centers are and how 
much are we leveraging the economies of scale in running those 
data centers so that they are impacting real business issues.
    Senator Carper. All right. Thank you. Mr. O'Keeffe.
    Mr. O'Keeffe. I think to accountability, transparency is 
the answer. We need better data. The IT Dashboard is a great 
move. There are still some significant fidelity issues in terms 
of the quality of that data. But the best way to drive 
accountability is transparency, and I think that has been 
talked about. We need to continue to invest in those resources.
    We need to make sure that we do not make claims about what 
is out there that is not out there. And so if you look at 
things like the subcontractor database that was announced in 
the Washington Post 6 to 8 months ago, the quality of that data 
still is not particularly good. So we need to make sure that 
people are rewarded, which goes back to incentives.
    I think that when you look at IT people--and we are hiring 
them right now--they are very difficult--very good quality IT 
people are very difficult to hire, especially if you look at 
people, for example, who are building mobile applications, some 
of the more progressive disciplines. And so the public sector 
needs to work out how to incent these people to work in the 
government and to stay in the government. There are many, many 
excellent IT people in the Federal Government. But if you have 
a culture where you cannot afford to hire the best and, 
candidly, you have significant challenges getting rid of people 
that do not perform, then what kind of culture does that breed?
    I think there are many opportunities for the government to 
incent and motivate these IT executives and professionals and 
practitioners. This should not be about the beatings will 
continue until morale improves. And if there are too many 
unfunded mandates, it is very difficult to get out of bed in 
the morning and feel good about what you are doing.
    So we do not have the ability to open up the pocketbook and 
just lavish money on these people, as many private sector 
organizations are. But we can look at things like telework 
where we can give people the flexibility to work from home. We 
can look at some of the prizes that are out there right now 
where we can reward innovation coming from the government. And 
I think we also need to look at what we are outsourcing. So 
maybe some of these more interesting, more engaging projects, 
instead of outsourcing those to contractors, we could be 
looking at providing those exciting projects for government 
employees to work on.
    Senator Carper. All right. All good ideas. Thank you.
    A question for Mr. Sood and Mr. Grasso. In your testimony 
today, you both noted how the President's plan incorporates a 
number of commercial best practices and attempts to bring them 
to government. One example of this is a move to segmented or 
modular development of IT projects.
    What concerns do each of you have about the ability of 
government to embrace this approach, how we can make sure that 
agencies have what they need to make this particular piece of 
the President's plan successful?
    Mr. Grasso, do you want to lead us off?
    Mr. Grasso. Sure. If we take a look at the technology that 
we are accustomed to in our everyday lives today, whether it be 
the cell phone maybe in your pocket, whether it be the iPad in 
your briefcase, or the laptop, those have become commodities to 
us. We are turning those around anywhere from every 9 months to 
every 3 years. But we are able to do so because they are built 
on a very strong foundation and platform that evolves over 
time, and we do not necessarily have to retrain ourselves, nor 
do we have to restructure our own internal home infrastructure 
to accommodate these things.
    The platform itself is evolving to allow forward 
interoperability of new technologies. It is done because the 
interfaces are very clearly defined. The modularity of 
components are very clearly defined, and a marketplace has been 
created where you have many contributors and innovators that 
are working inside this platform and this framework that allow 
it to evolve. So we believe, I believe that it is critical that 
we are able to do this going forward on the government side of 
the house.
    On the government side of the house we have progressed 
quite a bit, but I come from a world where we buy everything 
all together. If you need to buy a new software system, you buy 
the hardware that goes with it and the infrastructure that goes 
with it then you are evolving the entire thing. You are not 
building on top of a platform. So we need to change that 
thinking that exists today for which fundamentally we need to 
be interdependent. We need to allow service providers to 
provide that platform, that infrastructure, and build the 
value-added applications on top of it, allow that 
infrastructure to, in fact, evolve on its own and feel 
confident that those interfaces that evolve will allow my 
future applications to also evolve so that I do not necessarily 
have to design the underlying infrastructure each and every 
time I upgrade.
    Senator Carper. All right. Good. Thanks. Mr. Sood.
    Mr. Sood. Yes, I would just say that agility with respect 
to IT is going to be the fundamentally most important way by 
which we really reform Federal Government IT spending over the 
longer term. But in many respects, it represents sort of the 
antithesis of the way the Federal Government has historically 
really looked at IT spending. We have looked at these 
wholesale, big-bang approaches typically that last over a 2-
year procurement cycle, and the items or the requirements that 
you set up front might be obsolete by the time that procurement 
cycle is over and done with.
    Having a more agile approach really will change that 
flexible nature, that foundational nature of Government IT 
spending, but the problems or the concerns I guess I would have 
is: How is Congress going to adapt the budgeting part to 
coincide with this agile approach to IT? How are we going to 
invest in the next group of contract officers, acquisition 
officers, and program managers that are really trained and 
seasoned to apply some of those techniques to their projects? 
How do we take detailed methodologies like earned value 
management or product portfolio management and really apply 
that to the agile structure so that, to CIO Kundra's point 
earlier, we do not get into this road where we are finally 
assessing these projects 3 or 4 years later and they have spent 
$20, $50, $100 million without proven results? We need results 
or at least a review of results over a much more manageable 
timeframe.
    Senator Carper. All right. Thanks.
    The last question is, and this would be for everybody: I 
want, if you would, to just think sort of the big-picture here 
again as we close out, and I just wanted you to think outside 
of what you already talked about and ask could you go beyond 
what you submitted in your testimony or even said orally, but 
are there any other final areas of concern in Federal IT reform 
that are not getting enough air time? What are the things that 
might be flying under the radar, if any, that could come back 
to bite us later on down the road? We will just close with that 
one.
    Mr. O'Keeffe, any last thought there on that?
    Mr. O'Keeffe. Well, I think a couple points. Cybersecurity 
is not in the 25-point plan, and the comment from Mr. Kundra is 
that it is baked into everything. Teri Takai, the CIO for the 
Department of Defense, asked that question when the 25-point 
plan was revealed, so I think we need to make sure that we are 
mindful of what is going on in security.
    I think the feedback to date on FedRAMP has not been 
terrific, and so there is an opportunity to do better.
    I think it is great that GSA is listening to the feedback 
from its colleagues in government.
    I think the biggest thing to fear is fear itself and that 
we need to recognize this is changing very quickly. This whole 
community is changing very quickly. We need to be mindful of 
what can be a Luddite mentality. The people who oppose some of 
these changes are often referred to as ``box huggers,'' people 
that want their PC wherever it may be and they want to be able 
to go touch it.
    If you look at what has happened in the automotive 
industry, there is going to be significant change in industry. 
At one point there were Packards and there were Bugattis and 
there were a whole series of different cars, Tuckers and what 
you will. And ultimately we are going to consolidate that in 
the IT market to a number of players that we cannot subsist.
    And I think in closing if we do not change--here was a 
superpower at one time that----
    Senator Carper. There was a what?
    Mr. O'Keeffe. There was a superpower at one time that was 
structured under a monarchy and did not really recognize the 
value of democracy. And there was a revolution that you are 
probably aware of, which established a new superpower. And I 
think what we need to do is to recognize that the world is 
changing, and if we try to hang onto the way of the past in our 
society and also specifically in the IT changes that will 
enable that, then it will not be good for our future.
    Senator Carper. All right. Thank you. Mr. Sood.
    Mr. Sood. That is an excellent question, and I appreciate 
the opportunity to address it.
    I think in many respects we in the Beltway get really 
focused on federally specific issues, and we are very insular 
in that nature. I think in many respects we need to take a step 
back and see what we can learn from others, see what we can 
learn in the 50 labs of innovation that take place across State 
and local government and see what we can learn from global 
public sector central governments like the United Kingdom or 
Australia and what they are doing with their technology 
innovation. Or even take some of the lessons, as I mentioned in 
my written testimony, of commercial best practices and really 
not adopt them in government but adapt them for the best 
practices within government. I think that is sort of a 
fundamental issue that we could use more enlightenment on, 
shine more of a spotlight on, as to what are really the 
innovations that are taking place outside of the Federal 
Government here that we could be learning from.
    Senator Carper. OK. Good. Thanks.
    Mr. Grasso, you get the last word.
    Mr. Grasso. Throughout this discussion, I have heard the 
term ``compliance'' used quite a bit, and I would offer that 
compliance is necessary but it is not sufficient. We need to do 
things right, but we need to also do the right thing.
    So earlier in this discussion we talked about FISMA 
compliance with Google. What I would tell you is when it comes 
to compliance, compliance is often based on a number of 
experiences and best practices and, thus, a set of processes to 
avoid issues that were seen in the past.
    When you look at topics like cybersecurity, if you comply, 
you will avoid past problems. But it is not sufficient because 
we are learning new things each and every day. So we need to do 
business differently. So we need to go beyond simply 
compliance. We need to create an environment where we empower 
individuals to take the initiative, to assume that change, if 
you are doing the right thing, is actually a good thing.
    We talked about incentives earlier. Many individuals are 
incentivized to strictly comply to all of the rules. It puts 
them inside of a box, if you will, and sometimes while they are 
doing things right per the process, they are not necessarily 
doing the right thing.
    So I think we just need to be very, very careful. We talk 
about this plan being really a plan of change. We need to 
create an environment and a culture where change is acceptable 
and that we learn from our failures so that, in fact, we can 
succeed with the changes that we plan in the future.
    Senator Carper. Well, my thanks, our thanks really to each 
of you for coming back and testifying before us today and in a 
number of cases and for really giving us a lot to think about 
and, frankly, a lot to help us.
    You mentioned in your last comment there, you mentioned the 
word ``culture,'' and one of the things that I am endeavoring 
to do and this Subcommittee is actually endeavoring to do, is 
to try to change-bit-by-bit the culture in our government. And 
I said earlier in my opening remarks, I believe I mentioned, a 
lot of people think we operate under a culture of spendthrift, 
and what we are trying to do is to move away from that toward a 
culture of thrift where we really ask the question, ``Is 
possible to get better results for less money or for not much 
more money.'' And I think in most cases it is.
    One of the ways it has dawned on me is that one of the ways 
to get better results for less money is just by doing a better 
job in the way we develop and build these IT projects. That can 
really help us a lot. That is sort of a basic concept to 
understand, but it is really true.
    So thank you all. I am going to followup with a few more 
questions in writing. One of the questions I will probably 
followup in writing is: Some of the witnesses said very 
complementary things about our legislation, which Senators 
Brown, Collins, Lieberman, and I have introduced. I really 
would welcome your thoughts if there are some things that are 
missing or some things that ought to be taken out. So we are 
always interested in constructive criticism.
    Again, thanks for your testimony and for helping to light 
the way for us here in the Legislative Branch.
    With that, we are adjourned. Thank you.
    [Whereupon, at 12:56 p.m., the Subcommittee was adjourned.]


                            A P P E N D I X

                              ----------                              

[GRAPHIC] [TIFF OMITTED] T7128.001

[GRAPHIC] [TIFF OMITTED] T7128.002

[GRAPHIC] [TIFF OMITTED] T7128.003

[GRAPHIC] [TIFF OMITTED] T7128.004

[GRAPHIC] [TIFF OMITTED] T7128.005

[GRAPHIC] [TIFF OMITTED] T7128.006

[GRAPHIC] [TIFF OMITTED] T7128.007

[GRAPHIC] [TIFF OMITTED] T7128.008

[GRAPHIC] [TIFF OMITTED] T7128.009

[GRAPHIC] [TIFF OMITTED] T7128.010

[GRAPHIC] [TIFF OMITTED] T7128.011

[GRAPHIC] [TIFF OMITTED] T7128.012

[GRAPHIC] [TIFF OMITTED] T7128.013

[GRAPHIC] [TIFF OMITTED] T7128.014

[GRAPHIC] [TIFF OMITTED] T7128.015

[GRAPHIC] [TIFF OMITTED] T7128.016

[GRAPHIC] [TIFF OMITTED] T7128.017

[GRAPHIC] [TIFF OMITTED] T7128.018

[GRAPHIC] [TIFF OMITTED] T7128.019

[GRAPHIC] [TIFF OMITTED] T7128.020

[GRAPHIC] [TIFF OMITTED] T7128.021

[GRAPHIC] [TIFF OMITTED] T7128.022

[GRAPHIC] [TIFF OMITTED] T7128.023

[GRAPHIC] [TIFF OMITTED] T7128.024

[GRAPHIC] [TIFF OMITTED] T7128.025

[GRAPHIC] [TIFF OMITTED] T7128.026

[GRAPHIC] [TIFF OMITTED] T7128.027

[GRAPHIC] [TIFF OMITTED] T7128.028

[GRAPHIC] [TIFF OMITTED] T7128.029

[GRAPHIC] [TIFF OMITTED] T7128.030

[GRAPHIC] [TIFF OMITTED] T7128.031

[GRAPHIC] [TIFF OMITTED] T7128.032

[GRAPHIC] [TIFF OMITTED] T7128.033

[GRAPHIC] [TIFF OMITTED] T7128.034

[GRAPHIC] [TIFF OMITTED] T7128.035

[GRAPHIC] [TIFF OMITTED] T7128.036

[GRAPHIC] [TIFF OMITTED] T7128.037

[GRAPHIC] [TIFF OMITTED] T7128.038

[GRAPHIC] [TIFF OMITTED] T7128.039

[GRAPHIC] [TIFF OMITTED] T7128.040

[GRAPHIC] [TIFF OMITTED] T7128.041

[GRAPHIC] [TIFF OMITTED] T7128.042

[GRAPHIC] [TIFF OMITTED] T7128.043

[GRAPHIC] [TIFF OMITTED] T7128.044

[GRAPHIC] [TIFF OMITTED] T7128.045

[GRAPHIC] [TIFF OMITTED] T7128.046

[GRAPHIC] [TIFF OMITTED] T7128.047

[GRAPHIC] [TIFF OMITTED] T7128.048

[GRAPHIC] [TIFF OMITTED] T7128.049

[GRAPHIC] [TIFF OMITTED] T7128.050

[GRAPHIC] [TIFF OMITTED] T7128.051

[GRAPHIC] [TIFF OMITTED] T7128.052

[GRAPHIC] [TIFF OMITTED] T7128.053

[GRAPHIC] [TIFF OMITTED] T7128.054

[GRAPHIC] [TIFF OMITTED] T7128.055

[GRAPHIC] [TIFF OMITTED] T7128.056

[GRAPHIC] [TIFF OMITTED] T7128.057

[GRAPHIC] [TIFF OMITTED] T7128.058

[GRAPHIC] [TIFF OMITTED] T7128.059

[GRAPHIC] [TIFF OMITTED] T7128.060

[GRAPHIC] [TIFF OMITTED] T7128.061

[GRAPHIC] [TIFF OMITTED] T7128.062

[GRAPHIC] [TIFF OMITTED] T7128.063

[GRAPHIC] [TIFF OMITTED] T7128.064

[GRAPHIC] [TIFF OMITTED] T7128.065

[GRAPHIC] [TIFF OMITTED] T7128.066

[GRAPHIC] [TIFF OMITTED] T7128.067

[GRAPHIC] [TIFF OMITTED] T7128.068

[GRAPHIC] [TIFF OMITTED] T7128.069

[GRAPHIC] [TIFF OMITTED] T7128.070

[GRAPHIC] [TIFF OMITTED] T7128.071

[GRAPHIC] [TIFF OMITTED] T7128.072

[GRAPHIC] [TIFF OMITTED] T7128.073

[GRAPHIC] [TIFF OMITTED] T7128.074

                                 
