b'<html>\n<title> - EXAMINING THE PRESIDENT\'S PLAN FOR ELIMINATING WASTEFUL SPENDING IN INFORMATION TECHNOLOGY</title>\n<body><pre>[Senate Hearing 112-259]\n[From the U.S. Government Publishing Office]\n\n\n\n                                                        S. Hrg. 112-259\n \n                   EXAMINING THE PRESIDENT\'S PLAN FOR\n        ELIMINATING WASTEFUL SPENDING IN INFORMATION TECHNOLOGY\n\n=======================================================================\n\n\n                                HEARING\n\n                               before the\n\n                FEDERAL FINANCIAL MANAGEMENT, GOVERNMENT\n                   INFORMATION, FEDERAL SERVICES, AND\n                  INTERNATIONAL SECURITY SUBCOMMITTEE\n\n                                 of the\n\n                              COMMITTEE ON\n               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS\n                          UNITED STATES SENATE\n\n\n                      ONE HUNDRED TWELFTH CONGRESS\n\n                             FIRST SESSION\n\n                               __________\n\n                             APRIL 12, 2011\n\n                               __________\n\n         Available via the World Wide Web: http://www.fdsys.gov\n\n                       Printed for the use of the\n        Committee on Homeland Security and Governmental Affairs\n\n\n\n\n                  U.S. GOVERNMENT PRINTING OFFICE\n67-128                    WASHINGTON : 2012\n-----------------------------------------------------------------------\nFor sale by the Superintendent of Documents, U.S. Government Printing Office, \nhttp://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202\xef\xbf\xbd09512\xef\xbf\xbd091800, or 866\xef\xbf\xbd09512\xef\xbf\xbd091800 (toll-free). E-mail, <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="2d4a5d426d4e585e594548415d034e424003">[email&#160;protected]</a>  \n\n        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS\n\n               JOSEPH I. LIEBERMAN, Connecticut, Chairman\nCARL LEVIN, Michigan                 SUSAN M. COLLINS, Maine\nDANIEL K. AKAKA, Hawaii              TOM COBURN, Oklahoma\nTHOMAS R. CARPER, Delaware           SCOTT P. BROWN, Massachusetts\nMARK L. PRYOR, Arkansas              JOHN McCAIN, Arizona\nMARY L. LANDRIEU, Louisiana          RON JOHNSON, Wisconsin\nCLAIRE McCASKILL, Missouri           JOHN ENSIGN, Nevada\nJON TESTER, Montana                  ROB PORTMAN, Ohio\nMARK BEGICH, Alaska                  RAND PAUL, Kentucky\n\n                  Michael L. Alexander, Staff Director\n               Nicholas A. Rossi, Minority Staff Director\n                  Trina Driessnack Tyrer, Chief Clerk\n            Joyce Ward, Publications Clerk and GPO Detailee\n                                 ------                                \n\n SUBCOMMITTEE ON FEDERAL FINANCIAL MANAGEMENT, GOVERNMENT INFORMATION, \n              FEDERAL SERVICES, AND INTERNATIONAL SECURITY\n\n                  THOMAS R. CARPER, Delaware, Chairman\nCARL LEVIN, Michigan                 SCOTT P. BROWN, Massachusetts\nDANIEL K. AKAKA, Hawaii              TOM COBURN, Oklahoma\nMARK L. PRYOR, Arkansas              JOHN McCAIN, Arizona\nCLAIRE McCASKILL, Missouri           RON JOHNSON, Wisconsin\nMARK BEGICH, Alaska                  ROB PORTMAN, Ohio\n\n                    John Kilvington, Staff Director\n                William Wright, Minority Staff Director\n                   Deirdre G. Armstrong, Chief Clerk\n\n\n                            C O N T E N T S\n\n                                 ------                                \nOpening statements:\n                                                                   Page\n    Senator Carper...............................................     1\nPrepared statements:\n    Senator Carper...............................................    41\n    Senator Brown................................................    44\n\n                               WITNESSES\n                        TUESDAY, APRIL 12, 2011\n\nHon. Vivek Kundra, Federal Chief Information Officer, \n  Administrator for Electronic Government and Information \n  Technology, Office of Management and Budget....................     4\nDavid McClure, Associate Administrator, Office of Citizens \n  Services and Innovative Technologies, U.S. General Services \n  Administration.................................................     6\nDavid A. Powner, Director of Information Technology Management \n  Issues, U.S. Government Accountability Office..................     8\nStephen W.T. O\'Keeffe, Founder, MeriTalk.........................    24\nRishi Sood, Vice President, Government Vertical Industries, \n  Gartner, Inc...................................................    26\nAlfred Grasso, President and Chief Executive Officer, The MITRE \n  Corporation....................................................    29\n\n                     Alphabetical List of Witnesses\n\nGrasso, Alfred:\n    Testimony....................................................    29\n    Prepared statement...........................................    98\nKundra, Hon. Vivek:\n    Testimony....................................................     4\n    Prepared statement...........................................    47\nMcClure, David:\n    Testimony....................................................     6\n    Prepared statement...........................................    53\nO\'Keeffe, Stephen W.T.:\n    Testimony....................................................    24\n    Prepared statement...........................................    80\nPowner, David A.:\n    Testimony....................................................     8\n    Prepared statement...........................................    62\nSood, Rishi:\n    Testimony....................................................    26\n    Prepared statement...........................................    93\n\n                                APPENDIX\n\nQuestions and responses for the Record from:\n    Mr. Kundra...................................................   107\n    Mr. Powner...................................................   111\n\n\n                     EXAMINING THE PRESIDENT\'S PLAN\n                   FOR ELIMINATING WASTEFUL SPENDING\n                       IN INFORMATION TECHNOLOGY\n\n                              ----------                              \n\n\n                        TUESDAY, APRIL 12, 2011\n\n                                 U.S. Senate,      \n        Subcommittee on Federal Financial Management,      \n              Government Information, Federal Services,    \n                              and International Security,  \n                      of the Committee on Homeland Security\n                                        and Governmental Affairs,  \n                                                    Washington, DC.\n    The Subcommittee met, pursuant to notice, at 10:35 a.m., in \nroom SD-342, Dirksen Senate Office Building, Hon. Thomas R. \nCarper, Chairman of the Subcommittee, presiding.\n    Present: Senators Carper and Brown.\n\n              OPENING STATEMENT OF SENATOR CARPER\n\n    Senator Carper. The hearing will come to order. Welcome one \nand all, especially to our witnesses today. Thank you for your \npreparation. Thank you for your presence. We look forward to \nyour testimony and the opportunity to have a good conversation.\n    We will be joined by some of our colleagues as we get into \ntoday\'s hearing, but sort of as a precursor to today\'s hearing, \nI was driving in to the train station this morning and flipping \nback and forth between radio stations, and I happened to come \nacross a song where the Rolling Stones were singing, ``Hey, \nYou, Get Off Of My Cloud.\'\' [Laughter.]\n    How appropriate. We usually do not have theme songs for our \nhearings, but if we did, that actually might work. We actually \nwant to get people on the cloud, as I understand it, and \nhopefully when we leave here today I will understand better \nwhat all that is about.\n    But our hearing today will examine the President\'s plan to \nfundamentally transform the management of our Federal \ninformation technology (IT) assets. The message of the plan is \nclear: We need to cut what we cannot afford and nurture an \nenvironment in which innovative and more cost effective \ntechnologies can be employed throughout our government.\n    As I have said time and again in this room and other \nplaces, we need to look in every nook and cranny of our Federal \nGovernment--domestic, defense, entitlements, tax expenditures--\nand ask this question: Is it possible to get better results for \nless money? Or is it possible to get better results for the \nsame amount of money?\n    The hard truth is that many programs\' funding levels will \nneed to be reduced. Even some of the most popular and necessary \nprograms out there will likely be asked to do more with less or \nmore for the same amount of many.\n    Many Americans believe that those of us here in Washington \nare not capable of doing the hard work we were hired to do, and \nthat is, to effectively manage the tax dollars they entrust us \nwith. They look at the spending decisions that we have made in \nrecent years and question whether the culture here is broken. \nThey question whether we are capable of making the kind of \ntough decisions that they and their families make with their \nown budgets. And I do not blame them for being skeptical.\n    I am afraid that their skepticism has proved well founded \nwhen you look at the kind of avoidable management failures that \nwe have incurred in Federal information technology over the \npast decade or so. The past mismanagement of our Nation\'s $80 \nbillion annual Federal information technology is not only \nintolerable, it is unsustainable.\n    Late last year, then the Office of Management and Budget \n(OMB) Director Peter Orszag said that fixing the broken \nmanagement of our Federal Government\'s information technology \nwas--and this is a quote--``the single most important step we \ncan take in creating a more efficient and productive \ngovernment.\'\'\n    I am going to say that again, ``the single most important \nstep we can take in creating a more efficient and productive \ngovernment.\'\'\n    Based on the information that OMB has released as a part of \nits review, I believe he may be correct. The failures of \ninformation technology management in the Federal Government \nhave in some cases been spectacular. For example, the \nGovernment Accountability Office (GAO) found in January of this \nyear that those running the National Archives electronic \nrecords investment had not been able to identify potential \ncosts and schedule problems early and, as a result, failed to \ntake any action to address them.\n    GAO estimates that because of these failures in one \ntroubled project--one troubled project--taxpayers will lose \nsomewhere between $205 million and $405 million. That is real \nmoney where I come from.\n    Today we will look at the President\'s 25-point plan to turn \nthis ship around. The goals are ambitious, and so are the \ntimelines. That is a good thing.\n    Under the direction of our first Federal Chief Information \nOfficer (CIO), Vivek Kundra, the plan is to be fully \nimplemented within 18 months of its introduction. That is May \n2012, if you are keeping score at home. But the various goals \nare broken down into 6-, 12-, and 18-month increments. Today I \nam particularly interested in hearing how we are progressing \ntoward those 6-month goals.\n    The President\'s plan centers around three main initiatives:\n    First, the plan fosters a cultural shift aimed at making \nthe management and implementation of large Federal IT projects \nmore effective and more efficient;\n    Second, the plan pushes the Federal Government to adopt \ncheaper, better, and faster technologies;\n    And, third, the plan demands that we shed or consolidate \nthe duplicative and wasteful Federal data centers in our \ninventory.\n    The plan is a positive first step in tackling the \ninstitutional and systemic problems that have plagued Federal \ninformation technology management for years. It may not be \nperfect, but the President and Mr. Kundra should be commended \nfor taking on this challenge, and I commend you today.\n    We look forward to hearing from our witnesses today, about \nhow we are progressing toward these goals, how agencies are \nresponding, and what those of us here in Congress can do to \nhelp make this a successful venture.\n    Today I am also happy to say that my colleagues, as they \ncome along, will be asking their questions, and if they really \nwant to give a statement, we will let them, but my guess is \nthey will probably just want to get right into the flow with \nquestions and answers.\n    But my colleagues Scott Brown, Senator Joe Lieberman, and \nSenator Collins have joined me in introducing legislation \ncalled ``The Information Technology Investment Management Act \nof 2011.\'\' This legislation calls for greater transparency when \nit comes to the cost and performance of our Nation\'s \ninformation technology investments so that American taxpayers \ncan see how their money is being spent.\n    It also demands that agencies and the Office of Management \nand Budget be held accountable for a project\'s failure and work \neither to fix them or end them. The time for lazy or wasteful \nmanagement of these expensive investments is over. We are going \nto demand that projects be on time, on budget, and deliver on \ntheir promises. If they do not, we are going to bring them to a \nhalt. We are going to end the pattern of throwing good money \nafter bad.\n    I hope that our witnesses will include in their testimony \ntoday some brief thoughts and comments about our legislation. \nWe always welcome constructive criticism.\n    And with that said, I want to introduce just very briefly \nthe first panel of witnesses. A couple of you have been before \nus more times than you want to remember. If we had to pay David \nPowner for every time he has been before us, the budget deficit \nwould be a lot bigger, so we appreciate especially your being \nhere.\n    Our first witness today is Vivek Kundra, who serves as our \nNation\'s first Federal Chief Information Officer. Mr. Kundra is \nresponsible for directing the policy and strategic planning of \nFederal information technology investments as well as for \noversight of Federal technology spending. Previously, Mr. \nKundra worked as Chief Technology Officer for the District of \nColumbia and as Assistant Secretary of Commerce in Virginia \nunder Governor Tim Kaine.\n    Our next witness is David McClure--Mr. McClure, good to see \nyou--who is the Associate Administrator in the Office of \nCitizen Services and Innovative Technologies for the U.S. \nGeneral Services Administration (GSA). Mr. McClure works to \nadvance GSA\'s responsibilities in serving the American people \nthrough open and transparent government initiatives and by \nidentifying new technologies to improve government operations \nand service delivery.\n    Our final witness for this panel is Mr. David Powner, who \nis the Director of IT Management Issues in the U.S. Government \nAccountability Office. As Director, Mr. Powner is in charge of \nGAO\'s analysis of Federal IT investments, health IT, and \ncybersecurity initiatives. Again, we welcome you.\n    I am going to recognize Mr. Kundra to proceed first, and \nyou are welcome to summarize your testimony. All of it will be \nmade part of the record, and then once the three of you have \nconcluded, we will start with some questions. Again, welcome. \nThank you so much. And thank you for your leadership.\n\nSTATEMENT OF VIVEK KUNDRA,\\1\\ FEDERAL CHIEF INFORMATION OFFICER \n  AND ADMINISTRATOR FOR ELECTRONIC GOVERNMENT AND INFORMATION \n          TECHNOLOGY, OFFICE OF MANAGEMENT AND BUDGET\n\n    Mr. Kundra. Good morning, Chairman Carper and Members of \nthe Subcommittee. Thank you for the opportunity to testify on \nour efforts to eliminate wasteful information technology.\n---------------------------------------------------------------------------\n    \\1\\ The prepared statement of Mr. Kundra appears in the appendix on \npage 47.\n---------------------------------------------------------------------------\n    Effective management of IT is essential in serving the \nAmerican people, protecting our national security interests, \nand keeping America competitive in the global economy. That is \nwhy for the past 26 months we have focused on reforming Federal \nIT to crack down on wasteful spending and boost performance.\n    Through relentless oversight, we have delivered $3 billion \nin life cycle cost reductions. We are eliminating duplicative \ninfrastructure and have saved millions of dollars through game-\nchanging technologies and approaches such as cloud computing.\n    On December 9, 2010, we published the ``25-Point \nImplementation Plan to Reform Federal IT Management,\'\' our \nblueprint to address the structural barriers that get in the \nway of consistent execution. We have segmented the reforms into \n6-month increments with concrete deliverables. I would like to \nhighlight our progress over the past 124 days in each of the \nfive key reform areas.\n    First, we are applying light technologies and shared \nsolutions to allow agencies to optimize spending and invest in \ntheir mission-critical needs rather than duplicative \ninfrastructure.\n    Since 1998, the Federal Government has seen the number of \ndata centers grow from 432 to more than 2,000. To reverse this \nunsustainable growth, we are actively shutting down 800 data \ncenters by 2015. Additionally, we have shifted to a Cloud First \npolicy that allows agencies to pay only for the resources that \nthey are actually using.\n    Second, we are strengthening program management because no \nmatter how effective our technologies and policies, the success \nof our most complicated, high-profile, and expensive programs \nrests on the shoulders of effective program managers. Yet too \noften these programs are managed by individuals randomly pulled \nacross the government who lack the training to successfully \ndeliver. That is why we have created the IT Program Manager \nCareer Series to attract the best talent and to make sure that \nwe are cultivating the top performers.\n    We have also seen universities like George Mason University \n(GMU) and the National Defense University (NDU) stand up \nprograms that focus on case studies so we do not repeat \nhistorical failures.\n    Third, we are aligning the budget and acquisition process \nwith the technology cycle to make sure that programs are not \nout of date the moment that they are launched. The budget \nprocess forces agencies to specify in great detail what they \nare going to be building out 24 months before they can even \nstart a project. The acquisition process routinely adds another \n12 to 18 months. We have analyzed funding models across the \nFederal Government to identify the necessary changes to the \nlegal framework for IT funding that enables successful modular \ndevelopment and to help contain the rise in infrastructure \ncosts. We look forward to working with Congress to consolidate \ncommodity IT funding under agency CIOs and to develop budget \nmodels that align with modular development.\n    Fourth, we are strengthening governance and improving \naccountability because for too long we have witnessed runaway \nprojects that waste billions of dollars that are years behind \nschedule. That is why we have scaled the same model that \nreduced project life cycle costs by $3 billion and turned it \naround poorly performing projects. Already 129 agency employees \nhave been trained and 23 agencies have implemented the TechStat \nmodel to tap into the ingenuity of the American people and the \ncollective talent of State and local governments. We have open-\nsourced the very software code that the IT Dashboard was built \nupon and the TechStat model. Thirty-eight States, including \nDelaware and Massachusetts, and multiple countries have reached \nout to express interest in adopting these tools to improve \ntransparency and accountability.\n    And, fifth, we are increasing engagement with the industry \nto demystify the procurement process and dispel common \nmisconceptions regarding the acquisition regulations. We debunk \nthe top 10 myths in IT procurement, and we are building a pre-\nRequest for Proposal (RFP) platform to help overcome the ties \nthat may occur between agencies and certain vendors. The \nplatform will give agencies access to the most innovative \nsolutions and provide a small business the same opportunities \nthat an industry titan has.\n    Over the past 124 days, we have focused on execution rather \nthan just policy development. We must continue to buildupon the \nprogress to date and scaled practices that we know work to make \nFederal IT perform at the level the American people expect. The \nFederal Government must be able to provision services more like \na nimble startup and leverage smaller technologies that require \nlower capital outlays.\n    I would like to thank the Members of this Subcommittee and \ntheir staff for putting IT management front and center and \nhelping transform the landscape of Federal IT.\n    Thank you for the opportunity to testify. I look forward to \nany questions you may have.\n    Senator Carper. Great. Thank you for that testimony and for \nthe work that it represents. Thanks so much. Mr. McClure, \nwelcome.\n\nSTATEMENT OF DAVID MCCLURE,\\1\\ ASSOCIATE ADMINISTRATOR, OFFICE \n OF CITIZEN SERVICES AND INNOVATIVE TECHNOLOGIES, U.S. GENERAL \n                    SERVICES ADMINISTRATION\n\n    Mr. McClure. Good morning, Chairman Carper and Senator \nBrown. Let me introduce myself. I am Dave McClure from the GSA. \nI would like to talk about the GSA role in the IT reform agenda \nthis morning.\n---------------------------------------------------------------------------\n    \\1\\ The prepared statement of Mr. McClure appears in the appendix \non page 53.\n---------------------------------------------------------------------------\n    I really want to summarize three main points that I make in \nmy written statement.\n    Point No. 1 is that the 25-point IT reform plan and the \nFederal Cloud Computing Strategy issued by Vivek are very \nconstructive, and they are sorely needed steps forward in \nimproving the way IT is acquired and managed. GSA\'s role in \nthis agenda is very clear. We focus on shared, lightweight \ntechnologies, and simplifying the provisioning of IT services \non demand so that we can accelerate agencies\' access to modern \ntechnology, get solutions in the hands of users faster, and \nlower costs.\n    Cloud computing is at the forefront of these innovative \ntechnologies today. As Vivek has noted, it offers compelling \nadvantages when, like any other technology implementation, it \nis done well.\n    Cloud computing is already here in the Federal Government, \nand it is an inevitable trend from a technology marketplace \nperspective. Many agencies have started implementing cloud \nsolutions and found significant savings. We have documented \nmany on our public web page, Info.Apps.gov.\n    The return on investment has been lower IT operating costs, \nimproved operational performance, better service delivery, and \nincreased agility in provisioning changes to computing needs.\n    Point No. 2, GSA plays a strong governmentwide leadership \nin supporting the adoption of cloud computing in the Federal \nGovernment. The Federal Cloud or Project Management Office \n(PMO), is housed in my office at GSA, and we have the lead in \nfacilitating new innovative cloud computing procurement \noptions, ensuring effective cloud security and standards are in \nplace, and identifying potential multi-agency or governmentwide \nuse of cloud computing solutions.\n    Our cloud computing PMO is active, engaging, and \nproductive. My written statement outlines six cloud-related \nactivities. I just want to focus on three of them briefly.\n    Let us start with the Federal Risk and Authorization \nManagement Program (FedRAMP) is being established to provide a \nstandard security approach for assessing and authorizing cloud \ncomputing services and products. Currently this process in the \ngovernment is expensive, it is time-consuming, it is a heavy \npaper-driven process exercised inconsistently across the \ngovernment. An average Assessing and Authorizing (A&A) costs up \nto $180,000 and requires up to 6 months to complete. FedRAMP \nwill allow joint authorizations and increased use of continuous \nsecurity monitoring services for government and commercial \ncloud computing systems.\n    Because we can achieve a more consistent security baseline \nand a common interpretation, we can leverage the work of one \nagency for another, or as we say, approve once and use often. \nThis should help reduce cost, it should enable rapid \nacquisitions, and it should reduce the overall effort of the \ngovernment in this area.\n    I might add that we have developed this with broad \nconsensus in the government, involving that National Standards \nand Technology (NIST), the Department of Homeland Security \n(DHS), the Department of Defense (DOD), the National Security \nAgency (NSA), and various commercial industry consortia.\n    Another important governmentwide initiative is \ninfrastructure as a service. Each year the government spends \ntens of thousands and millions of dollars on IT products and \nservices, heavy focus on maintaining the current computing \ninfrastructure needs and demands. We have established a Blanket \nPurchase Agreement (BPA) with 12 companies, many with multiple \npartners who offer storage, computing power, and Web site \nhosting as commodities. The benefits include commodity type \npricing for services, allowing customer to easily compare \nprices across vendors. It also offers standardized technical \nand security requirements that companies are required to meet \nacross the entire government.\n    The third area is cloud-based e-mail. We chose to tackle \nperhaps one of the most ubiquitous business technologies in use \nby all Federal agencies: e-mail. Using a governmentwide working \ngroup, we again took a collaborative approach to building a \nprocurement vehicle. Once it is released and concluded, \nservices will be offered to Federal customers via a Blanket \nPurchase Agreement. I think it will accommodate a range of \nrobust, feature-rich e-mail services in public, private, and \nhighly secured clouds.\n    So my final point is this: GSA is also walking the talk. A \nlot of what we are doing internally within GSA is also very \nrobust in the cloud space. We are putting in one of the first \ncloud-based e-mail systems in the government. We expect a \nsavings of over $15 million in 5 years. We are reducing our own \ndata centers from 15 to 3 by 2015. We estimate a $2 million \nannual reduction in data center costs as a result. And we host \nperhaps some of the most visible Web sites, public Web sites in \ngovernment, including USA.gov, which is the Nation\'s portal or \nfront door into the Federal Government, as well as Data.gov, \nwhich is one of the first public-facing government Web sites to \nbe successfully deployed in a cloud environment.\n    We also host a lot of open-source sharable code solutions \nthat lower the cost and help implementations in areas like \nChallenge.gov, where challenges and contests are being run by \nFederal agencies.\n    So I hope this offers you a brief flavor of what we are \ndoing at GSA to improve the IT outcomes in the government. \nAgain, thanks for having me here for testifying.\n    Senator Carper. Mr. McClure, thank you for testifying.\n    Mr. Powner, welcome. Thank you.\n\n     STATEMENT OF DAVID POWNER,\\1\\ DIRECTOR OF INFORMATION \n TECHNOLOGY MANAGEMENT ISSUES, U.S. GOVERNMENT ACCOUNTABILITY \n                             OFFICE\n\n    Mr. Powner. Chairman Carper, Senator Brown, we appreciate \nthe opportunity to testify this morning on IT acquisitions. \nChairman Carper, I would like to thank you for your oversight \nof Federal IT acquisitions. Your many hearings highlighting the \nwasteful spending in this area has led to many improvements in \nFederal agencies and at the Office of Management and Budget.\n---------------------------------------------------------------------------\n    \\1\\ The prepared statement of Mr. Powner appears in the appendix on \npage 62.\n---------------------------------------------------------------------------\n    Senator Carper. Very nice of you to say that. Thanks very \nmuch for being a big part of that.\n    Mr. Powner. OMB plays a key role in this oversight process. \nIn fact, OMB has been required by the Clinger-Cohen Act of 1996 \nto track, analyze, and report to the Congress on IT \nexpenditures, which now total almost $80 billion.\n    To help carry out this role, OMB established several \noversight mechanisms, including lists of troubled projects, \nstarting in 2003, that clearly were not as useful or accurate \nenough to perform the appropriate level of oversight. Under \nVivek Kundra\'s leadership, OMB has improved its oversight of \nand management of IT acquisitions by: one, creating the IT \nDashboard; two, using this information on the Dashboard to hold \nagencies and CIOs accountable; and, three, introducing \ncomprehensive IT reform. I would like to highlight each of \nthese efforts and what additional actions are needed.\n    First, the Dashboard. In June 2009, OMB deployed a public \nWeb site, known as the IT Dashboard, to improve the \ntransparency and oversight of approximately 800 major Federal \ninvestments totaling about $40 billion. The Dashboard presents \ninformation on costs and schedule and a CIO assessment, among \nothers. Today, the Dashboard shows that nearly 40 percent of \nthe 800 investments are in need of management attention due to \ntheir red or yellow status. More simply put, this equates to \nover 300 investments totaling $20 billion that are at risk.\n    I would like to repeat those numbers. We have 300 \ninvestments totaling $20 billion that are at risk.\n    In addition to identifying troubled IT projects, the \nDashboard is an excellent tool to identify duplicative \ninvestments, which could result in significant savings. We have \nongoing work for this Subcommittee looking at this duplicative \nspending.\n    Despite the improved transparency, data reliability remains \nan issue, as our work has shown that Dashboard information is \nnot always accurate and consistent with agency records. OMB and \nagencies acknowledge this and have a number of activities under \nway to improve the Dashboard and the accuracy of what is being \nreported.\n    OMB has also improved the management of IT investments \nneeding attention by holding TechStat meetings. These meetings \nstarted in January 2010 and are led by Mr. Kundra and agency \nleadership. Well over 50 of these meetings have been held, and \nthe results are impressive. Four projects have been canceled \nand 11 restructured. OMB has claimed that this has resulted in \na $3 billion reduction in costs. OMB has also identified 26 \nadditional high-priority projects that have undergone extensive \nreview, which resulted in corrective action plans.\n    One of the high-priority projects is the National Archives \nelectronic records acquisition that you mentioned, Mr. \nChairman. Our work for this Subcommittee has highlighted the \nmismanagement and major cost and schedule issues associated \nwith this acquisition. It is one of the projects that OMB is in \nthe process of restructuring. Although OMB has had significant \nresults with its TechStat meetings and its high-priority \nprojects, many more projects are in need of OMB and agency \noversight.\n    In addition to the Dashboard and TechStat sessions, OMB \nissued a comprehensive IT reform plan that includes replicating \nthese TechStat sessions throughout the government to improve \ngovernance and to strengthen program management. Many of the \nreform initiatives are consistent with your many years of \noversight in this arena and our body of work on IT acquisition. \nAnd to its credit, OMB has issued aggressive milestones that \nspan the next 18 months. Now the challenge lies in \nimplementation.\n    In summary, OMB\'s efforts to improve the transparency of \nthe IT Dashboard, to improve IT acquisition execution through \nits TechStat sessions, and its IT reform initiatives are \nencouraging. But the accuracy of the Dashboard information \nneeds to greatly improve. Even more focus needs to be put on \nthe $20 billion at risk, and the major IT reform initiatives \nnow need to be implemented.\n    I would like to conclude by commending your leadership, as \nwell as Mr. Kundra\'s in this area, Mr. Chairman, and I am \npleased to answer any questions you have.\n    Senator Carper. Mr. Powner, thank you so much, and thanks \nagain for being a big partner with us in these efforts.\n    Senator Brown has another hearing that is going on, and he \nis going to be coming in and out. But I just want to recognize \nhim for any comments that he wants to make, and he can go right \ninto questions whenever he is ready.\n    Senator Brown. Thank you, Mr. Chairman. I am going to stay \nas long as I can. I enjoy this very much, and I appreciate you \npushing forward on this.\n    I have a statement that I am just going to submit for the \nrecord.\n    Senator Carper. Without objection.\n    Senator Brown. Thank you.\n    I might as well start. Mr. Kundra, according to your \ntestimony, your high-priority IT project and financial system \nreviews have led to over $3 billion in life cycle cost \nreductions. How many investments were actually reviewed?\n    Mr. Kundra. We actually overall looked at over 50 \ninvestments.\n    Senator Brown. Five-zero?\n    Mr. Kundra. Fifty, yes. So these 50 investments, and one of \nthe things we focused on was the most troubled investments out \nof the IT portfolio. And the reason we introduced the IT reform \nplan, the 25-point plan, was to actually now multiply the same \nprocesses across every single department and agency within the \nU.S. Government because the challenges at the end of the day, \ndespite OMB\'s oversight capabilities, what we want to do is we \nwant to prevent these investments from getting to the point \nwhere they are years behind schedule or hundreds of millions of \ndollars over budget. And that is what we are focused on.\n    Senator Brown. By then isn\'t the technology obsolete in \nmany instances?\n    Mr. Kundra. Absolutely. The way that the acquisition \nprocesses actually work right now and the budgeting process, \nunfortunately we plan out years in advance and end up locking a \nspecific technology. And by the time you actually implement \nsome of these technologies, they are way out of date.\n    Senator Brown. I know in New York City, for example, they \nhired a company, VMware, to come in and actually go and review \nall their IT specifications because there were so many \nindividual fiefdoms and they were not connected. They were not \nefficient. They were wasting money. They have apparently saved \na tremendous amount of money through, obviously, the cloud \ntechnology and that whole new way of doing things.\n    Out of the 50 that you did--how many actually are there \ntotal in terms of the actual investments? You said you looked \nat--how many actually are there? What is the big picture?\n    Mr. Kundra. So where we need attention, as Dave Powner \npointed out, is about 300 or so investments, and what we are \ntrying to do now is to scale the same exact model we used to \nturn around or terminate these poorly performing investments. \nSo the process we used was coupling the IT Dashboard where we \nare shining light on what was going on with these investments \nwith what we call our TechStat accountability sessions to \nreally drill down on each of these investments to make sure \nthat if, for example, you do not have a dedicated project \nmanager, if you do not actually have a clearer understanding of \nwhat the business objectives or goals are, or you are in the \nprocess of implementing outdated technologies, these are huge \ninvestments that have a major effect on how agencies are \nactually being transformed.\n    One of the problems we have seen throughout these sessions \nis that people are looking at these projects at IT projects. \nBut at the end of the day, they are about transforming how an \nagency fundamentally operates.\n    Senator Brown. So when you are looking at the--when you say \n$3 billion is or may be saved in part, this is being done by \ncanceling some projects, I am presuming. But how much did we \nalready lose with what was already spent on those investments?\n    Mr. Kundra. Well, so that is a little more difficult number \nto come up with. To give you an example, with financial systems \nwhat we did is we looked at the entire life cycle cost of \nfinancial systems across the Federal Government, and that was \nabout $20 billion in life cycle costs.\n    The Department of Defense, for example, had a project \ncalled Defense Integrated Military Human Resources System \n(DIMHRS). It was their integrated human resource planning \nsystem. They spent 12 years and approximately $1 billion, and \nwe ended up killing that project.\n    Unfortunately, what we do not want to do is be in a \nposition where we are just killing IT projects because at the \nend of the day there is still a business need. They are not \njust implementing projects because they felt it was a fun thing \nto do. There is actually a business problem.\n    So the four that we killed, the real victory in my mind is \nactually the projects, the 11-plus projects that we looked at \nwhere we de-scoped them. And what I mean by de-scoping is we \nsaid instead of trying to boil the ocean, where people have \nbought into this fallacy that these enterprise resource \nplanning systems are going to balance your books, they are \ngoing to track your assets, they are going to make you coffee, \nthat you have to actually break these projects down into 6-\nmonth increments. If within 6 months you cannot prove that you \nhave delivered something of value to your customers, then you \nneed to either halt that project or you need to fundamentally \nrethink it or terminate it. And what we are seeing with these \nlarge enterprise projects is that people are spending years, in \nsome cases decades, implementing a project that is not working.\n    Senator Brown. So did we actually save $3 billion, or did \nwe just not lose more money to cost overruns on these actual \nprojects?\n    Mr. Kundra. Well, it is a combination of both because where \nwe de-scoped the projects in the cases of financial management \nsystems like the Environmental Protection Agency (EPA), we \nactually took that project down and cut it significantly lower. \nAnd also the way we were saving that money in terms of both \ncost avoidance and the original life cycle costs is that there \nare game-changing technologies, new technologies that have \nemerged since the project was originally conceived.\n    Senator Brown. It always seems like we are a couple of \nsteps behind. It seems like the government is an easy mark: \nHey, we have this new technology, go buy it. And then we invest \nbillions of dollars in some instances, or at least hundreds of \nmillions, and then by the time it actually gets through the \nprocess, it gets implemented, it gets up and running, and it is \nobsolete. Then we have to get the updates and upgrades, and it \njust seems like we are an easy mark.\n    I am wondering, in the next 50 investments, is there the \npotential for significant cost savings in the future? Or were \nthese initial reviews just kind of picking off the low-hanging \nfruit?\n    Mr. Kundra. I think there are significant opportunities for \ncost savings, in the billions, and here is why. So to your \npoint, one of the big problems we see is this huge gap between \nthe public sector and the private sector, and the reason this \ngap exists is because the culture in government historically \nhas been that the government must build its own infrastructure, \nit must own the software development. And one of the reasons we \nare shifting to the Cloud First policy essentially is to move \naway from this philosophy of asset ownership to service \nprovisioning.\n    So in the same way that a small startup company would go \nout there, and if they are standing up a business, they are not \ngoing to go out there and build their own e-mail system or \ntheir own accounting system. They are going to go to a company \nlike Quicken Books and fire up an accounting system or go to \nMicrosoft or Google or any of these other providers and fire up \nan e-mail system.\n    What we need to do is government needs to operate much more \nlike a nimble startup than it does today, where we are engaging \nin these multi-year, multi-billion-dollar IT projects. That is \nwhat we are doing with GSA, putting in place these \ngovernmentwide procurements that actually will allow us to \nprovision the services.\n    Senator Brown. Just in closing, and then I will turn it \nback to the Chairman in Massachusetts we have amazing companies \nthat deal with this stuff every day, and it is second nature. \nWe have the technology leaders in the world. And we are in the \ngovernment, and it is like we are sometimes in the Dark Ages. I \nam sure this is not the first time we have had a hearing on \nthis stuff. It is my first experience on it. But I know you \nhave been working on it for years.\n    At what point do we actually start to realize these \nbillions of savings, I mean, real dollars that can be used in \nother areas, especially now?\n    So that was more of a statement than a question, but I \nwould like to come back. Thanks, Mr. Chairman.\n    Senator Carper. Thanks very much.\n    Senator Brown and I hold a lot of hearings in here, and \nwhat we focus on is how do we get better results for less \nmoney. That is really what we do. That is our bumper sticker--\nhow to get better results for less money. And when you think \nabout IT projects, sometimes we do not really focus on what we \nare trying to do is get better service, better results for less \nmoney.\n    Give us a couple of examples, and I do not care who leads \noff, but give us a couple of examples where you actually can \nsay these are some projects where we actually got a whole lot \nbetter results for less money, or a little better results for--\nbetter service, maybe, for not a lot more money. Can you give \nus a couple good examples?\n    Mr. McClure. Yes, I would be happy to start. In my case, we \nhave been one of the first to move into the cloud computing \nenvironment, for example, and I mentioned USA.gov, which is the \npublic portal for the Federal Government. By moving it into a \ncloud environment, we are able to save an estimated $1.7 \nmillion a year in computing costs because we moved into a more \nagile computing environment. We were able to provision changes \nto that system in hours as opposed to months, which means I \ncould change the Web site and its features very quickly. And, \nthird, it allowed me to use people in a different way. Rather \nthan monitoring and running the infrastructure that we owned, I \nactually could turn them over to doing more mission-based and I \nthink more value-added types of services.\n    So for us it was a cost savings, it was an agility to move \nfaster, and I was able to free people up to do more value-added \nwork. And I think that is a common occurrence across many of \nthe implementations right now.\n    Senator Carper. All right. Good. Some other examples, \nplease.\n    Mr. Kundra. On something as simple as e-mail services, the \nU.S. Department of Agriculture (USDA), with 120,000 employees, \nand the General Services Administration (GSA), with 17,000 \nemployees, moving e-mail over to the cloud, what they were able \nto save is over $40 million. Something as simple as a Web site, \nwhat the Recovery Board did is they saved $750,000 by just \nmoving to the Amazon cloud.\n    Health and Human Services (HHS), by looking at electronic \nhealth record grants, moving over to a sales force \nimplementation, they cut their costs by 60 percent.\n    So we are seeing huge savings, and it is not just in \ndollars. Part of what is happening is we keep building \nduplicative infrastructures, so the numbers you look at in \nterms of data centers, we went from 432 to more than 2,000, and \npart of the reason is because people have been so focused on \nbuilding duplicative, redundant infrastructure rather than \nlifting up and saying how do we make sure that in the same way \nthe American people, when they go and book a ticket, whether it \nis for a flight or a concert or making a reservation at a local \nrestaurant, that experience is so much better than when they \nare dealing with the government. And the reason is because the \ngovernment is so focused on the duplicative infrastructure, and \nwe are trying to abstract all of that so we can get the \ngovernment to focus actually on the customer experience rather \nthan investing billions of dollars in this duplicative \ninfrastructure.\n    Senator Carper. I have not counted the number of times that \n``cloud\'\' has been used in our testimony or our responses to \nquestions, but there are a lot of people who are following the \nhearing today have no idea what you are talking about. Why \ndon\'t you just step back--actually somebody had it in their \ntestimony, a little definition at the bottom of the page, what \nwe are talking about, which I do not know if it would be all \nthat helpful to too many people. Just make it real simple and \neasy for folks to understand.\n    Mr. Kundra. Sure. So the most basic way to think about \ncloud computing is if you look at the progress that was made \nthroughout this Nation, it used to be that every house had its \nown well and had its own electrical generation system. But as \ntechnology evolved, we ended up with an electrical grid, we \nended up with a water distribution system. So now what happens \nis, when you are at home, whether you are plugging in a mixer \nor a TV, you consume the electricity that you are actually \nusing rather than to have to pay for all that infrastructure.\n    In the same way, cloud computing from a technology \nperspective, the simplest way to think of it is that the \ngovernment is going to be able to pool its demand and actually \ndynamically allocate resources or use resources so that we are \nnot paying for resources that we are actually not using.\n    Senator Carper. A friend of mine tried to explain it to me \nnot long ago, and he said, ``Do you have kids that are old \nenough to drive?\'\' I said, ``Yes, we have a boy 21 and one \n22.\'\' And he said, ``Are they away at college?\'\' I said, ``One \nis, and one is actually in another country.\'\' He said, ``Do \nthey ever come home?\'\' I said, ``Well, they do.\'\' And he said, \n``How many vehicles do you have?\'\' I told him, and he said, \n``Do you need more vehicles when they come home?\'\' And I said, \n``Yes, we do.\'\' And he said, ``What do you do, go out and buy a \nnew vehicle so that when they come 2 or 3 weeks out of the year \ntheir car is there for them to use?\'\' And I said, ``No. We \nactually rent a car.\'\' He said, ``Well, that is kind of like \nwhat this is.\'\' So that helps me understand it.\n    I want to try to draw an analogy here and use this analogy \nas a way to get to sort of get why do we have this problem. It \nhas been pervasive throughout the Federal Government. We spend \nso much money for these projects. Some of them work quite well, \nand too often they do not.\n    We held a hearing here 2 weeks ago, and the focus of our \nhearing was major weapons systems cost overruns. And as it \nturns out, GAO told us 10 years ago, in the year 2000, that our \nmajor weapons systems cost overruns was $42 billion. And GAO \ntestified 2 weeks ago that our major weapons systems cost \noverruns is $402 billion. It went from $42 billion in 2000 to \n$402 billion last year.\n    And as we drilled down on why that was happening, we got a \ncouple of answers. One of those is that sometimes the \ntechnologies that are being proposed to use on these weapons \nsystems are what they call immature, meaning they have not \nreally been fully developed.\n    Second is the agency, the military branch, or service may \nnot have fully figured out what they want, and they continue to \ndo modifications to the projects. We call it ``project creep.\'\'\n    The third thing is we do not necessarily do the best job of \nmaking sure the acquisition folks with experience are bird-\ndogging these projects and that they have the kind of clout \nthat they need in order to blow the whistle when things are \ngoing wrong.\n    We had an example from a fellow named John Young, who was \nthe top person in the Bush Administration, the second term, for \nacquisition, and we had one of his deputies, his top deputy for \nacquisition. He is an Assistant Secretary for Defense. We said, \n``Talk to us. How long have you been in your position?\'\' He \nsaid, so many months. And we said, ``What kind of turnover did \nyou get from your predecessor?\'\' And he said, ``Well, I did not \nget any turnover. My predecessor left 18 months before I did.\'\' \nWe said, ``No kidding.\'\'\n    ``Tell us about your direct reports. How many direct \nreports do you have?\'\' And he said he was supposed to have six, \nand only two were filled.\n    So here is like the top person really in the Department of \nDefense whose job it is to make sure we are getting our money\'s \nworth. There is an 18-month lapse between when he comes in and \nthe guy before him left, and only two out of six direct reports \nwere there. So it turns out the guy who is in that position \ntoday in this Administration, his nomination was held up for 15 \nmonths--15 months before he was actually allowed to go to work. \nSo those are the kinds of problems that have led to $402 \nbillion cost overruns.\n    When you drill down on it, how have we gotten into the \nsituation that we are in where we have $80 billion worth of \nprojects and maybe a quarter or so are at risk? I do not know, \nmaybe, David, this is good one for you, Mr. Powner.\n    Mr. Powner. Yes, well, a couple things. One is--and I think \na lot of this is tied to Mr. Kundra\'s IT reform plan. You could \nstart with program management. There clearly needs to be \nstrengthened program management across the government where, to \nyour point, we define what we want well up front; we have a way \nto manage risks.\n    But on top of that program management level, what happens \nmany times--and it has been the subject of many hearings that \nyou have held, for instance, like what happened at the Census \nBureau--we have a lack of executive accountability. Many times \nwhen a project gets in trouble, they blame the program manager \ninstead of a key executive who should be overseeing that, \nincluding the CIO. And I think when you look at Vivek\'s reform \nplan, one of the five major areas is governance. There needs to \nbe better governance over these projects from an executive \npoint of view. In fact, that is what Vivek is attempting to \nimplement through his TechStat sessions.\n    So, Senator Brown, to your point, yes, we have held over 50 \nmeetings, and we have saved $3 billion. But your chart up there \nshows that there are 300 that need attention right now, and if \nwe projected that, I mean, there could be $20 billion of \nsavings if there is any success like he has had on those first \n50.\n    Senator Carper. All right. Anybody else want to take a \nshot? What I want to make sure is that we figure out what the \nproblems are, the major problems are, and to make sure through \nexecutive action and through legislative action that we are \nactually going after the root problems. Mr. McClure.\n    Mr. McClure. Yes, I think Dave hit it on the head. It is \ngovernance and program management, but those have been the same \nproblems that we have been pointing to for the last two or \nthree decades in Federal IT.\n    I think what this Administration is doing is trying to \nfocus program management and governance on transparency. You \nhave to get this stuff out in the open in terms of the status \nof projects. It cannot be buried in an agency. It has to be a \nfact-based assessment, not an emotional appeal. And it has to \nbe near real time. We cannot do this reporting months after \nsomething has already occurred.\n    And, finally--and I think Vivek is doing this with \nTechStat--these things have to be focused on problem solving, \nnot reporting. We can report, but we still miss what do we do \nto fix it. So I think we have to change the agenda to problem \nsolving.\n    Senator Carper. Good. That is a good point.\n    Mr. Kundra, before I yield back to Mr. Brown, Senator \nBrown, go ahead.\n    Mr. Kundra. Chairman Carper, I still recall my very first \nmeeting with you when I started, and one of the things you \npointed out----\n    Senator Carper. Was it that bad?\n    Mr. Kundra. It was great. You actually highlighted the need \nfor reforms, and one of the things I did after I met with you \nis studied history, went back to 40 years of challenges in \nFederal IT management. And I do not think contractors wake up \nevery morning and say, ``Hey, how are we going to make sure we \nmess up Federal IT this morning?\'\' And I do not think \ngovernment employees wake up every day and say, ``How are we \ngoing to go out there and make sure these projects fail?\'\'\n    Part of what we saw was that the efforts over the last 40 \nyears, a lot of it was very much around policy, and there has \nbeen great policy historically in place. But the challenge was \na lack of a focus on execution. And the hearings that you have \nhad have been tremendously helpful, and the fact that you have \nreached out to agencies to get them to improve the data \nquality, as Dave mentioned, the first thing we wanted to do is \njust shine light. And what we did when we launched the IT \nDashboard is we actually put up a picture of every CIO right \nnext to the project they were responsible for.\n    Senator Carper. No kidding.\n    Mr. Kundra. With how they were doing in costs----\n    Senator Carper. I always joke about when you look up in the \ndictionary, you look up a particular word, you have somebody\'s \npicture.\n    Mr. Kundra. Absolutely. And I was Public Enemy No. 1 for a \ncouple of weeks, but I think very quickly we realized by \nshining light all of a sudden we were exposing some of the \nmajor issues around IT projects.\n    And in the 25-point plan, we highlight some of the \nchallenges and areas that we need to focus, but I would point \nto one significant area where I think improving or moving the \nball from would make a tremendous difference, which is around \nprogram management, as both David Powner and David McClure have \nmentioned. If you think about multi-million-and multi-billion-\ndollar IT projects and government officials that are charged \nwith managing them, and if you compare that to other industries \nsuch as aviation, medicine, and firefighting, you do not set \nfoot on a 777 unless you have gone through a simulator and \nhundreds if not thousands of hours of training. You do not get \nto operate on your first patient unless you have gone through \nmedical school, a residency program with attendings. Or if you \nare a firefighter, you actually practice fire drills on actual \nfires before you go out there and put out your first fire.\n    We have not done that historically when it comes to program \nmanagement, and I think that is a key area of our reform \nagenda.\n    Senator Carper. Great. Thank you. Senator Brown.\n    Senator Brown. Thank you.\n    So, Mr. Powner, just touching base, Mr. Kundra says $3 \nbillion in estimated saving, and GAO says $3 billion in \nestimated cost overruns. So does that mean we are basically at \nsquare one or are we actually realizing real savings that we \ncan actually put back into the Treasury and use in other areas?\n    Mr. Powner. Well, I think it is probably a mixed bag, as \nMr. Kundra mentioned. I think when we eliminated some of those \nprojects--there were four that were terminated--I think those \nare real savings. The restructuring, that is a little uncertain \nabout how much real savings there are there. But, again, it \nprobably--the use of that money moving forward is--we are \nfamiliar with some of those projects that are restructured, \nlike the National Archives project. That is a good move.\n    So a couple points here, though, in terms of savings. If we \nare really after savings, I think looking at those troubled \nprojects is one way to go. There is probably another way if you \nlook at--I am going to shift gears just real quickly here, \nSenator Brown. When you look at the Dashboard--and we are doing \nthis work for this Subcommittee right now. You could look at \nduplicative spending associated with that Dashboard, so there \nare over 5,000 systems that we are investing in. I can tell you \nright now that there are over--in Fiscal Year 2011 we are \nfunding over 550 financial management systems at $3 billion. So \nthe question is: Does the Federal Government need over 550 \nfinancial management systems?\n    And I can go right down the line. I could tell you----\n    Senator Brown. I think you know that answer.\n    Mr. Powner. Right. And I can give you example after \nexample. So not only do we need to improve the performance of \nwhat we are spending money on, but there is potential for \nduplication when you start looking within and across agencies. \nThere are 600 H.R. systems in the Federal Government that we \nare funding. The Fiscal Year 2011 funding is $2.5 billion on--\n--\n    Senator Brown. That is out of control.\n    Mr. Powner [continuing]. On 600 H.R. systems. Those are the \nthings that really need further investigation.\n    Senator Brown. So noted. Mr. Chairman, that is your next \nhearing.\n    Senator Carper. Our next hearing. [Laughter.]\n    Senator Brown. Thank you.\n    How will GAO be tracking the performance of these \ninitiatives going forward?\n    Mr. Powner. Well, in terms of--a couple things. Looking at \nthe performance of these projects, we continue to do work on an \nevery-six-month basis, we report on the Dashboard, how those \nnumbers are changing, and the accuracy and reliability of what \nis being reported. And then on those duplication numbers, we \nare doing work for the Subcommittee where we will be laying \nout, by functional area, how many investments there are and \nwhat the total dollars are. And it will raise questions about \nwhat is being done to manage that more effectively.\n    Senator Brown. So you can certainly make recommendations, \nbut you do not have any teeth at all to really drop a hammer \ndown and say, hey, listen, you have to stop this. You are \nmaking the recommendations to us, and then we are going to take \nit up the food chain. Is that a fair statement?\n    Mr. Powner. Yes, clearly, most of our recommendations go to \ndepartments and agencies, and right now Mr. Kundra and I work \nvery closely together on some of these governmentwide issues, \nand I will say that there is a lot going on in his shop right \nnow. But clearly your oversight hearings help with action on \nthose items.\n    Senator Brown. And I know, obviously, with any type of \nprojects, it takes leadership. And, Mr. Kundra, what is your \nplan? Do you plan on staying on as the Federal CIO until the \nplan is seen through?\n    Mr. Kundra. Well, we are focused on executing the plan, \nobviously, and I am committed to making sure we are executing. \nAs a matter of fact, at the end of this month we are going to \nbe celebrating the accomplishments at each of the agencies \nwhere they have delivered. But what is important here is I can \nstay on as long as it is necessary, but what is really, really \nimportant in my mind is that this plan, the way we have \nengineered it, it is not dependent on any single individual. \nBecause at the end of the day, as you correctly point out, \nthose 300-plus investments, every CIO in every major department \nneeds to be as focused on execution as we are within the White \nHouse.\n    Senator Brown. And when you are looking--I know the IT \nInvestment Management Act that Senators Carper, Collins, \nLieberman, and I are introducing today takes some steps to \ncodify some of your office\'s successful initiatives, such as \nthe IT Dashboard and TechStat sessions. What else can we do, \nany other suggestions, to ensure the success of this plan \nmoving forward?\n    Mr. Kundra. I think, Senator, one of the areas that will be \nreally, really helpful, as Dave points out, some of the \nduplication, is how we look at funding across the Federal \nGovernment. And what I mean by that is the way Congress \nappropriates funding is bureau by bureau, department by \ndepartment. I see a huge opportunity here in terms of being \nable to look horizontally across the Federal Government, and \nwhether it comes to the 2,000-plus data centers or hundreds of \nwhether it is financial systems or H.R. systems, and to take a \nstep back and fundamentally rethinking how we are funding IT \nacross the Federal Government. And second would be to actually \nempower departmental CIOs by consolidating at least commodity \nIT. And when I say commodity IT, what I mean by that is these \nfinancial systems, H.R. systems, e-mail, data centers, \ndesktops, putting that authority under the departmental CIO, I \nthink we will see huge results. And we have case studies such \nas the Veterans Administration (VA) where we are beginning to \nsee a much better outcome in terms of the commodity assets.\n    Senator Brown. How do you maintain a robust security of the \nFederal computer networks when you are moving to the cloud \nsystem? How do you make sure that we maintain that high level \nof security?\n    Mr. Kundra. Part of what we are doing actually is looking \nat how we contract when we begin to move a lot of these systems \nover to the cloud. And what I mean by that is already today, if \nyou look at 4,700-plus systems, they are outsourced. And we \nspecifically specified in terms of contracting language how the \nsystems are managed and what the security requirements are.\n    Second, one of the things we are doing with cloud computing \nis we are trying to make sure that we get real-time data feeds \non the security posture of these providers so that the \nDepartment of Homeland Security and Chief Information Security \nOfficers can analyze the data and make sure that we are very \naware of what is going on as far as the security posture of \nthose systems are concerned.\n    And, third, we are making sure that we come up with a \ncommon set of controls, which is going to be the floor, the \nminimum set of controls that are technical in nature, that we \ncan constantly monitor to make sure that if we are being \nattacked in any way or if those systems are being compromised, \nthat we have that information on a real-time basis.\n    Senator Brown. Mr. McClure, you have been kind of shy \ntoday, so I figured I would ask you a question. [Laughter.]\n    GSA has taken a lead role in the Cloud First rollout. How \nis GSA assisting agencies in this effort?\n    Mr. McClure. Well, through a couple of mechanisms. One, as \nI think Vivek pointed out, we are putting in contractual \narrangements through our Blanket Purchase Agreements (BPAs) on \nthings like infrastructure as a service and e-mail that are \ncloud based. It allows really the agencies to purchase or \nprovision these services in a very cost competitive way and \nmuch quicker than going through a full and open competition \nprocess. So we have done all the vetting. We have looked at the \nvendors. We have qualified them as being competent in space. We \nhave done the security reviews. The agencies can purchase what \nthey need from a mission perspective.\n    The second thing, I think, that we do is actually put \ntogether the FedRAMP program that Vivek is referring to, \nworking across government, not just GSA, but we are trying to \nput a simpler, more effective, more complete security review \nfor the government that is consistent across government and \nthen leverage that once it is done rather than repeating them \nover and over and over again.\n    So I think that will tremendously increase the speed by \nwhich we can get some of the technology solutions in place.\n    Senator Brown. Mr. Powner, one final. What are the biggest \nsecurity risks moving forward toward cloud-based IT services?\n    Mr. Powner. Well, clearly, security is a great concern. I \nwould add that, like any project moving forward, you need to \ndefine your security. One option, moving to the cloud, if a \ncommercial cloud is not adequate, there are private clouds you \ncould move toward also with greater security.\n    Senator Brown. Thank you Mr. Chairman.\n    Senator Carper. Good questions.\n    Maybe a question for Mr. McClure and for Mr. Kundra. The \nPresident\'s plan contains, I believe, 25 action items, and 14 \nof them are set to be completed within, I believe, 6 months of \nthe plan\'s issuance. There are about 2 months left on the first \ncrucial timeline that has been set.\n    I guess my first question to both of you would be: Do you \nthink we are on schedule for those 14 items? And if not, which \nones do you think we will not accomplish and why?\n    Mr. Kundra. Sure, as I think with 124 days behind us and I \nbelieve about 58 days to go, part of what we are really focused \non is three areas:\n    One, in terms of making sure we are working with Congress \non the budget flexibilities, I think that is an area given that \nCongress has been very focused on the 2011 budget and now the \n2012, we have not made as much progress as I would have liked \non moving forward in that direction.\n    The second area that we are very, very focused on right now \nis actually on the program manager path, the career track. I \nthink we are in good shape there. We are very focused in terms \nof shutting down the 800 data centers. We have already \nidentified over 100 data centers that agencies have zeroed in \non that could be shut down this calendar year. We are making a \nlot of good progress on----\n    Senator Carper. What do you do? Do you ask the agencies to \nhelp identify them? Is that the way it is working?\n    Mr. Kundra. So we have actually put together a Data Center \nConsolidation Task Force, and that task force is zeroing in on \neach of the departments, and we are looking for opportunities \nto consolidate, not just within departments but across the \nFederal Government. And so those are the data centers that we \nwant to shut down, but we want to move forward very, very \naggressively to make sure that assets that are not being \nutilized, there is no need to waste taxpayer money on them.\n    Senator Carper. As the Postal Service struggles with trying \nto figure out how to be vibrant and play a critical role in the \n21st century, they are looking to close down not just post \noffices but also distribution centers. And there is a pushback. \nAre you getting pushback on these efforts to close the data \ncenters? Or is it pretty much a fait accompli?\n    Mr. Kundra. I think once we release the locations and the \nnames, I am sure there is going to be a lot of robust \ndiscussion back and forth.\n    Senator Carper. OK.\n    Mr. Kundra. But I definitely expect that we will be before \nthis Subcommittee talking about this.\n    Senator Carper. All right. Good enough.\n    Mr. McClure, any thoughts on that question?\n    Mr. McClure. Yes, I think some of the things that I \ndiscussed in the statement today are helping the Cloud First \nstrategy. The infrastructure as a service offering, the cloud \ne-mail offering, the ability for agencies to get software in \nthe cloud off of our apps.gov Web site--these are all helping \nthe agencies meet, I think, the Cloud First deadlines that the \nAdministration has set.\n    We also are helping create a pre-RFP collaboration platform \nso that industry and government can actually talk about \nsolutions before we enter into the laborious contracting and \nprocurement process. I think that will be very helpful.\n    The final area I think we are helping is in data \nconsolidation in that we do a lot of the leg work for Vivek and \ncollecting a lot of the information. And we can step back with \nVivek and look, similar to what Dave is doing, on where we see \nreal opportunities for cloud and consolidation across \ngovernment, not just within a single agency but across \ngovernment, and that is really where I think a lot of progress \ncan be made as well.\n    Senator Carper. OK. I think you have spoken to this. I am \ngoing to drill down on it just a little bit more. Each agency \nis supposed to identify three must-move systems to the cloud \nwithin the first 3 months of 2011, and let me just ask again. \nHave all the agencies met this goal? I think you may have \nresponded, but have all the agencies met this goal?\n    Mr. Kundra. Yes, they have submitted--I think we have about \n75 systems that have been identified that will move to the \ncloud, and part of what agencies are doing right now is making \nsure that they are looking at their security requirements, \nprocurement strategies, to actually begin migrating over to the \ncloud.\n    Senator Carper. All right. Thank you.\n    Again, another question for Mr. Kundra and Mr. McClure. I \nam sure you are both aware of news over the past couple of days \nconcerning Google\'s claim that their Apps for government cloud \nproduct received Federal Information Security Management Act \n(FISMA) certification and accreditation from GSA. According to \npress reports, the Department of Justice (DOJ) notified Google \nin December 2010 that its Apps for government was, in fact, not \nFISMA compliant. To help provide some greater clarity on this \nissue, I would just like to ask both of you, if you would, to \ncomment on the recent reports and discuss how OMB and GSA are \naddressing the concerns that are raised by them.\n    Mr. McClure. Sure, I would be glad to bring some clarity to \nit. In July 2010, GSA did a FISMA security accreditation for \nGoogle Apps Premier. That is what the Google product was \ncalled, and it passed our FISMA accreditation process. We \nactually did that so that other agencies could use the Google \nproduct, and we do one accreditation, and it is leveraged, \nagain, across many agencies.\n    Since that time, Google has introduced what they are \ncalling Google Apps for government. It is a subset of Google \nApps Premier. And as soon as we found out about that, as with \nall the other agencies, we have--what you would normally do \nwhen a product changes, you have to recertify it. So that is \nwhat we are doing right now. We are actually going through a \nrecertification based upon those changes that Google has \nannounced with the Apps for government product offering.\n    Senator Carper. Mr. Kundra, any comment, please?\n    Mr. Kundra. Well, from an OMB perspective, we do not \nactually get involved in individual procurements. We are more \nfocused on the broader policy around this shift to cloud \ncomputing.\n    Senator Carper. All right. I appreciate what you both have \nsaid here today, but given the potentially serious nature of \nthe news, I have asked my staff to followup with your offices \ntoday on this issue so we can try just to get to the bottom of \nit. And I would also like--I am going to ask that you respond \nto any questions for the record that the Members of the \nSubcommittee may have on this same issue.\n    Another one for Mr. Kundra and Mr. McClure and then I will \nclose it with a short question for Mr. Powner.\n    Today the continuing resolution (CR) introduced in the \nHouse, H.R. 1473, gives, I believe, $8 million to the \nElectronic Government Fund. This fund, which is often referred \nto as the E-Government Fund around here, pays to operate the IT \nDashboard, USAspending.gov, among other things. And I \nunderstand that your original request was for around $34 \nmillion.\n    Given this steep cut, will the E-Gov Fund continue to \noperate as it has in the past? Or can we expect some of these \nWeb sites to go dark?\n    Mr. Kundra. Well, I think given the original request versus \nwhere we are right now, we are still evaluating the \nimplications, but we are going to have to make some tough \ndecisions around which systems are going to have to go offline \nversus what can be supported with the $8 million fund. Since \nthis is very recent news, we have not had a chance to actually \nsit down and prioritize systems.\n    Senator Carper. All right. Senator Brown has already asked \na question about what further can we do to be helpful, \nsupportive, and constructive, and I am going to come back to \nthat and ask you what will be really the last question I ask of \nyou. But before I ask that--and you have given us some thoughts \nalready, but I want to just ask you to reinforce and re-\nemphasize some of your points.\n    In each of your minds, what are the metrics for success for \nthe President\'s plan? What are the leading indicators that the \nCongress and the American people can look to in, say the next \n14 or so months to tell us if we are successful or not? Mr. \nPowner, do you want to go with that first?\n    Mr. Powner. In terms of the IT reform plan, I would say \ngetting more of those projects into the green would be one \nlarge area, and also in the data center arena, the goal to \nreduce 800 data centers by 2015, that in the next year or 18 \nmonths, to Mr. Kundra\'s point that we are making progress on \nthat, that is a stretch goal, but the stretch goals are very \ngood.\n    Senator Carper. Good. All right. Mr. McClure.\n    Mr. McClure. Well, I think the IT reform plan covers so \nmany different things that there are a lot of different ways to \nlook at the measurement of its success. For example, we know we \nneed to, as Dave has mentioned, and Vivek, that we need to \nimprove program management in the government. That is not \nsomething you solve overnight. So some of these will have \nlonger-term success measures than others. But I think the real \nthings for us to focus on and we are focused on is looking at \nreal cost savings, No. 1. No. 2, making sure as Vivek goes \nthrough the TechStat that poorly performing projects cease or \nat least they are repaired or fixed before they proceed. And \nthen, last, I think the measures for IT that are really golden \nare whether it is improving the business, the operations of \ngovernment.\n    So we really ought to be looking at the operational metrics \nof government and the service delivery of our programs. That is \nwhat IT is supposed to be helping do.\n    Senator Carper. All right. Good. Mr. Kundra.\n    Mr. Kundra. I would say three quick things.\n    No. 1 would be to improve the yield on the $24-plus billion \nwe spent on infrastructure, whether that is through shutting \ndown the 800 data centers or shifting to cloud.\n    Second would be to make sure that the money we are spending \non large-scale IT projects that we actually terminate, turn \naround, or halt poorly performing projects that could yield \nbillions in savings.\n    And third, I think creating an ecosystem where we introduce \nDarwinian pressure as far as startup companies and innovative \ntechnology companies that can come and compete for Federal \nbusiness.\n    Senator Carper. All right. Thanks.\n    Senator Brown, while you were out of the room, I told the \npanel that the last question I had for them is really one that \nyou have already asked, but it is a real good question, and I \njust want to come back to it again. It is one I often ask \npanels in discussions of this nature.\n    Again, just re-emphasize for us, underline for us the \nthings that we need to continue doing on our side as one of the \nthree branches of government to get to, in this arena, better \nresults for less money. Mr. Powner.\n    Mr. Powner. Well, a couple points here. Mr. Chairman, we \nhave been at this for many years, but right now we have the \nbest transparency we have ever had with the IT Dashboard. So I \nthink your bill that would codify some type of--where that \ntransparency continues, that is clearly needed. And also, each \nyear that we are up here, we are always talking about hundreds \nof projects totaling near $20, sometimes $25 billion at risk--\nthat has not changed over the years. We now have probably the \nbest reform plan we have ever had, so in terms of the best \ntransparency and the best plan, now is the time to execute to \nthose plans. So I think your oversight hearings focused on \nthose areas, along with your legislation, is very helpful.\n    Senator Carper. All right. Thank you. Mr. McClure.\n    Mr. McClure. I would agree totally. I think the role of the \nCommittee in shining transparency on exactly what is happening \nin the government is a change lever that the Congress needs to \nutilize as much as it possibly can.\n    Second, I think the budget process is a difficult one in \nthe technology area because we assume that technology projects \nmagically begin and end within a budget cycle, and many can but \nnot all do. And yet we restart or recalibrate the discussion \nthrough the budget process. So aligning some of the budget \nneeds with the technology cycles I think is something that the \nCongress should look at as well.\n    Senator Carper. All right. Thank you. Mr. Kundra.\n    Mr. Kundra. I think, Mr. Chairman, you are commended to \nreally bringing a focus on Federal IT, which is not necessarily \nthe sexiest subject in government. So I really appreciate the \nfocus that you have brought over the many years.\n    The areas that I think would be really, really helpful, I \nthink the bill that you focused on and what I have seen working \nwith your teams, seems to be transformational.\n    Second would be the focus on the budget authorities; \nespecially consolidating commodity IT under departmental CIOs \nwould be extremely helpful in moving this conversation forward.\n    Senator Carper. Great. All right. That is very helpful. \nThank you.\n    Senator Brown, any last questions before we excuse this \npanel? All right. Gentlemen, thank you so much for joining us \ntoday and for the good work that is going on, and let us just \nnot relent. Let us keep it going. Thanks so much.\n    All right. Panel No. 2. I like to say we were saving the \nbest for last, but those first guys were pretty good. We will \nsee.\n    The first witness on our second panel is Steve O\'Keeffe, \nFounder of MeriTalk Online, a Government IT network that \nfocuses on driving the Government IT dialog. A 20-year veteran \nof the Government IT community, Mr. O\'Keeffe has worked in both \ngovernment and industry. In addition to MeriTalk, Mr. O\'Keeffe \nhas founded Telework Exchange, GovMark Council, and O\'Keeffe & \nCompany. Nice to see you. Welcome.\n    Rishi Sood--is that correct?\n    Mr. Sood. Yes.\n    Senator Carper. Has your name ever been mispronounced?\n    Mr. Sood. Every day.\n    Senator Carper. OK. All right. Hopefully not here. Mr. Sood \nis Vice President of Gartner Incorporated, a major information \ntechnology research and advisory company. Mr. Sood has spent \nthe past 17 years at Gartner, but his recent focus has been \ndedicated to cloud computing and cybersecurity policy in \ngovernment.\n    Our final witness is Mr. Al Grasso, President and Chief \nExecutive Officer of MITRE Corporation. Nice to see you. MITRE \nCorporation is a leading not-for-profit organization which \nprovides high-level analysis and information related to \ninformation technology and modernization.\n    We welcome you all. Thank you for your preparation and your \nwillingness to spend this time with us, and we look forward to \nhearing your testimonies. Again, your entire statements will be \nmade part of the record. If you would like to summarize, that \nwould be just fine.\n    I am told we are going to have a vote at noon, high noon, \nso that will give us an opportunity to complete each of your \ntestimonies, and then what I will probably do is just run--if \nwe only have one vote, I am just going to go to recess for a \nfew minutes, run and vote, and then come back and we will ask a \nfew questions.\n    Mr. O\'Keeffe, would you like to lead us off? Thank you.\n\n    STATEMENT OF STEPHEN W.T. O\'KEEFFE,\\1\\ FOUNDER, MERITALK\n\n    Mr. O\'Keeffe. Thank you, Senator Carper.\n---------------------------------------------------------------------------\n    \\1\\ The prepared statement of Mr. O\'Keeffe appears in the appendix \non page 80.\n---------------------------------------------------------------------------\n    Senator Carper. What did you say?\n    Mr. O\'Keeffe. Thank you.\n    Senator Carper. I am just kidding. [Laughter.]\n    You were not born in Mississippi, were you?\n    Mr. O\'Keeffe. No, I was not born in Mississippi. Just next \nto it.\n    Thank you for the opportunity to testify here today. It is \ngreat to be back. My name is Steve O\'Keeffe, and I am the \nFounder of MeriTalk, the online Government IT community. We are \nhere today to talk about OMB\'s 25-point plan to fix Federal IT, \nand I would like to start with a quick comment about cloud \ncomputing, which is central to OMB\'s plan.\n    As you mentioned, this is not Mick Jagger\'s cloud that we \nare supposed to get off. In fact, many Federal agencies have \nalready jumped on the cloud. This is not pie in the sky, if you \nwill pardon the puns. Cloud----\n    Senator Carper. That is pretty good. I think you are on a \nroll here.\n    Mr. O\'Keeffe. Here we go. Cloud----\n    Senator Carper. You are going to be a tough act to follow. \nI hope you guys are taking notes.\n    Mr. O\'Keeffe. I will be here all day.\n    So cloud is delivering very real savings and enhancing \nagility at Federal agencies like National Aeronautics and Space \nAdministration (NASA), Jet Propulsion Laboratory (JPL), \nDepartment of Health and Human Services (HHS), and the \nSecurities and Exchange Commission (SEC). This is not \nexperimental stuff. These are very real savings.\n    So maybe to kick off, why should we modernize Government \nIT? The Federal Government currently spends north of $80 \nbillion, with a ``B,\'\' on IT. That is a lot of jingle--33 \npercent more than the gross state product of Delaware, \nincidentally.\n    Despite talk about doing more with less, these numbers \ncontinue to grow. I have been in the Government IT community \nfor over 20 years, and every year the budget seems to go up.\n    Agencies are spending nearly half their IT budgets, some \n$35.7 billion, supporting legacy technologies in need of \nmodernization. And so to the 25-point plan. Like many others, \nmy first review of OMB\'s 25-point plan ended in confusion. \nTwenty-five points. Really? When I was a small boy in school, I \nhad profound challenges remembering the Ten Commandments, and, \nof course, there were only 10 of those.\n    As we did last year for the Committee\'s open government \nhearing, MeriTalk launched a survey of the Federal IT community \nto get government and industry perspectives on the 25-point \nplan. We asked respondents to rate each point of the plan based \non whether it was, one, desirable and, two, doable. And taking \na leaf out of Ross Perot\'s book--for those people who remember \nthe election--we have charts again, and I think those are in \nfront of you, Senator Carper.\n    The net up-front is that the community feels that all \npoints are desirable, but there are some serious questions \nabout executability. Interestingly, government employees are \nless optimistic about doability than their industry \ncounterparts.\n    We asked the community to rate each point in the 25-point \nplan, and as you can see from the All Respondents chart, the \nscattergram, the community does not place equal value on all \npoints. Interestingly, the evolutionary, nurturing and easy-to-\nunderstand points score best--Katie doing Vanna White here--\nwith Point 7, design a formal IT program management career \npath, topping the charts.\n    The most revolutionary initiative rated lowest. See Point \n3, Cloud First.\n    Other disruptive initiatives did not fare that well either: \nPoint 1, data center consolidation, hit roughly in the middle \nof the pack. And Point 2, enabling a governmentwide marketplace \nfor data center availability scored poorly as well.\n    Now, let us look at civil versus defense. As you can see in \nthe charts, civil and defense respondents march very much in \nlockstep. Point 7, design a formal IT program management career \npath, and Point 10, launching a best practices collaboration \nplatform, top the charts. Interestingly, civilian agencies are \nmore focused on Point 16, reducing barriers to small innovative \ntechnology companies, a point that Vivek hit pretty hard, I \nthink. Due to their dynamic mission, defense agencies have \nembraced this approach long ago. DOD demonstrates a greater \nappetite for shared services as well as optimism for \nexecutability.\n    Now to government versus industry. Interestingly, with the \nexception of government being less optimistic about the ability \nto deliver, government and industry are almost precisely on the \nsame page. The exceptions include that industry prioritizes \nPoint 8, requirement to scale IT program management career \npath, as well as Point 15, requirements to issue guidance and \ntemplates to support modular development. It is no great \nsurprise that these points are important to contractors that \nare interested in getting it done.\n    Closing out the survey, we asked what one thing would \nrespondents recommend that the government do to improve Federal \nIT. Both government and industry suggested that we attach \naccountability to objectives. Other hot recommendations: allow \nCIOs to retain funds they save, eliminate unfunded mandates, \nand reduce the number of objectives. Clearly, less is more.\n    The net take-away from the study: To increase the impact of \nefforts to fix Federal IT, we need to simplify the message and \nfocus on the three C\'s--consolidate, connect, and calibrate.\n    Consolidate: Less is more.\n    Connect: The Federal Government\'s senior IT professionals \nare not equipped for nor experienced at driving change. We need \nto communicate the why, how, and what it means for your career \nin order to successfully operationalize desired change.\n    Calibrate: We need to set goals that we really can and mean \nto measure, and we need to follow through on measurement and \nhold executives accountable. We need to recognize that the \nchanges on the table are not easy. We should set realistic \ntimelines, and we need to establish venues and tools to support \nFederal IT professionals as they move through the profound \nchanges.\n    If the definition of insanity is doing the same thing and \nexpecting a different outcome, then Mr. Vivek Kundra deserves \nhigh praise for introducing much-needed new thinking into \nFederal IT. Federal IT professionals estimate that data center \nconsolidation and cloud can drive upwards of $14 billion, again \nwith a ``B,\'\' in efficiency savings.\n    Mr. Kundra is asking for $25 million to fund the Federal IT \nfixes. The return on investment on this $25 million is hundreds \nof dollars for pennies invested. The point here is not that we \nshould focus on the easiest or most popular initiatives. OMB \nneeds to prioritize and focus hardest on the programs that \noffer the highest return on investment. That means cloud and \ndata center consolidation. We need to listen to feedback from \nthe community, set a clear vision, and build an operational \nframework to realize the changes that we seek.\n    Thank you for the opportunity to testify.\n    Senator Carper. We thank you. Thank you very much.\n    Mr. Sood, please proceed.\n\nSTATEMENT OF RISHI SOOD,\\1\\ VICE PRESIDENT, GOVERNMENT VERTICAL \n               INDUSTRIES, GARTNER, INCORPORATED\n\n    Mr. Sood. Chairman Carper and distinguished members of the \nSubcommittee, thank you for the opportunity to speak to you \ntoday. My name is Rishi Sood, and I am Vice President of \ngovernment research at Gartner. Gartner is the world\'s leading \ninformation technology advisory and research firm and is a \nvaluable partner to 60,000 clients and 11,000 distinct \norganizations, including the Federal Government.\n---------------------------------------------------------------------------\n    \\1\\ The prepared statement of Mr Sood appears in the appendix on \npage 93.\n---------------------------------------------------------------------------\n    In examining the President\'s plan, I would like to focus on \nthe growth in Federal IT spending, the elements of the plan \nthat will have an immediate impact, and reform issues that will \nbe important over the long term.\n    To begin with, Federal IT spending has exploded over the \npast decade. According to my research at Gartner, traditional \nIT spending by Federal Government organizations was \napproximately $32.2 billion in 2001. This year it will reach \n$80.1 billion. This is an increase of over 248 percent over the \npast 10 years.\n    While much of this IT expansion is justified by growing \nFederal operations, insufficient analysis has been given to the \ncost effectiveness of IT spending. Additionally, some of the \nspending increases have not been effectively coordinated, \nresulting in some cases in technology sprawl across the Federal \nGovernment.\n    Given this dramatic rise in Federal IT spending, there are \na number of questions that need to be addressed. What is the \nvalue and cost effectiveness of IT spending? To what extent is \naccountability adequately built into the IT spending? And what \nsteps should be taken to invest the right amount in the right \napplications while avoiding costly mistakes?\n    While these questions are always important, they are even \nmore important in light of the current budget battles and \nfiscal constraints that will affect Federal IT spending. Not \nonly will Federal agencies face slower growth in IT spending \nover the next decade, but there also may be cutbacks to current \nlevels of IT spending. Urgent action is needed to improve IT \nspending because reforms will take time to show results.\n    In the end, however, the value of IT comes from the impact \nof technology on government operations, increased productivity, \nlower cost of service delivery, and increased customer service. \nTo succeed in these times, government must harvest the upside \npotential of IT while limiting the downside risk of \nimplementation failures.\n    Let us discuss some of the parts of the reform that will \nhave an immediate impact.\n    President Obama\'s 25-point reform plan is a strong path \nforward to align the needs of Federal Government organizations \nwith budget realities. The reform creates guardrails needed to \nguide technology operations while continuing to promote \ninnovation and accountable technology use. In many respects, \nthe reform plan lays the initial foundation needed to answer \nthe questions raised earlier: value, accountability, \napplication size, and mix.\n    Several of the areas of the reform plan will likely be most \nimportant for Federal technology management practices. These \ninclude:\n    No. 1, the focus on an empowered CIO position. Empowered \nCIOs are needed to set enterprise goals, push standardization \nthrough the organization, and drive more efficient technology \nuse. By strengthening the CIO position, there will be greater \naccountability for achieving targeted agency goals.\n    No. 2, move to a data center consolidation plan. The \nincrease in data centers across the Federal Government has been \ndramatic. The task now is to consolidate these data centers to \ndrive down costs and increase efficiency. Harvesting economies \nof scale is critical for the effective allocation of \ninformation technology investments.\n    And, No. 3, the focus on shared services. The move to \nshared services provides an important means for Federal \nagencies to maximize the value of technology, create a \nservices-led approach to technology delivery, and build more \nefficient IT services across the government enterprise.\n    Now let us look at some of the longer-term reform issues in \nfront of us. The President\'s reform plan includes other \nstrategically important goals that will likely require a longer \ntime horizon to implement. These include additional investments \nin government personnel. The Federal Government will need to \ninvest in Federal contract officers, acquisition officers, and \nprogram managers to drive and execute real change in \nprocurement, acquisition, and management of technology \nprojects.\n    No. 2, technology vendor outreach, partnerships, and buy-\nin. An effective technology and service provider community is \nan essential part of Federal success with IT. As larger reforms \ntake root, it will be vital for the Federal Government to \nincrease its outreach to the vendor community, continue to work \nin partnership approach with this community, and to secure a \nstrong buy-in for the changes ahead.\n    And then, No. 3, an agile approach to IT. One of the most \ndifficult yet important aspects of the reform plan involves \nbuilding a modular approach to technology investments. This \nwill span multiple parts of the technology life cycle and will \nlikely require more effective and detailed use of newer \nmethodologies, like EVM and PPM, to support these goals.\n    In addition to the issues described above, it will be \nimportant for Federal officials to recognize the following:\n    No. 1, timing. The reform plan includes goals for 6-, 12-, \nand 18-month time periods. While these goals are laudable, they \nmay be overly ambitious. The Federal Government is an enormous \nenterprise, and it is difficult to achieve significant \nstructural changes in a short time horizon.\n    No. 2, assisting agencies through the change. While some \nagencies have embraced the changes proposed, other agencies may \nbe more resistant to change. As the reform plan moves forward, \nproper incentives and disincentives will be critical in moving \nagencies in a cohesive fashion.\n    And then, No. 3, technology as a silver bullet. In the end, \nit must be recognized that information technology represents \nthe best mechanism to improve government efficiency and lower \nthe cost of service delivery. Consequently, IT must remain an \nimportant area of continued aggressive investment. The critical \nissue now is to protect and incentivize the IT reforms noted \nhere so that Federal IT will maximize results while minimizing \nmistakes.\n    Thank you for your time, and I look forward to your \nquestions.\n    Senator Carper. Thanks. That was great testimony. Thank you \nso much.\n    Mr. Grasso, welcome. Very nice to see you.\n\n STATEMENT OF ALFRED GRASSO,\\1\\ PRESIDENT AND CHIEF EXECUTIVE \n                 OFFICER, THE MITRE CORPORATION\n\n    Mr. Grasso. Thank you. Chairman Carper, Senator Brown, \nhonorable Members of the Subcommittee, thank you for giving me \nthe opportunity to appear in front of you today on this very \nimportant topic.\n---------------------------------------------------------------------------\n    \\1\\ The prepared statement of Mr. Grasso appears in the appendix on \npage 98.\n---------------------------------------------------------------------------\n    As you mentioned, my name is Alfred Grasso. I am President \nand CEO of the MITRE Corporation. Our company\'s 50-plus years \nof experience, contributions, and accomplishments have given us \na perspective that I believe is highly relevant to the topic of \ninformation technology planning and management.\n    Information technology-intensive programs operate in an \nenvironment of rapid technology evolution where new generations \nof technology are introduced in months rather than years. \nUnfortunately, currently the Federal acquisition processes and \nbudget cycles are not well matched to these timelines. OMB\'s \n25-point plan is a positive step in the IT reform process.\n    As I observe the state of IT management in the Federal \nGovernment, I am struck by the amount of attention paid to the \nfailures versus time analyzing the successes for critically \nimportant lessons. There is a strong tendency to impose new \npolicies, processes, and reporting requirements in an effort to \navoid future failure. These requirements introduce a burden \nthat reduces agility, imposes costs, and delays the delivery of \ncapability.\n    In an interesting study conducted at the Defense \nAcquisition University, students determine that a ``null \nprogram\'\'--that is, a program that delivers absolutely nothing \nbut satisfies mandatory reporting and process requirements--\ntakes about 3 years to complete under the current rules. A \nsystem that requires 3 years to deliver nothing is clearly \nfundamentally flawed.\n    The 25-Point Implementation Plan to Reform Federal \nInformation Technology Management is based on practices that \nwork. We applaud OMB, Mr. Kundra, and the Federal CIO Council\'s \nleadership on this topic. However, experience leads us to \nobserve that additional steps can be taken both to enable \nsuccessful implementation of the plan and to expand on some of \nthe important goals defined in it. With that in mind, enduring \nchange will require the following:\n    First, establish IT governance that includes authorities \nand flexibilities where they best contribute to the success or \nfailure of these programs, without losing transparency into how \nthese portfolios are performing.\n    Second, build and empower PMOs by incentivizing and \nprofessionalizing key management and technical roles to \nmotivate people to adopt these roles as careers, not simply \njobs.\n    Third, define and build IT capabilities that are both \nsecure and resilient.\n    The first step is to establish a governance model that \ncombines a comprehensive portfolio management and budgeting \napproach with close coupling to the end user. The goal from my \nexperience is to provide the authority for CIOs to manage their \nbudgets as a portfolio, with the flexibility to shift resources \nto address changing needs, changing technology, and increasing \nagility.\n    Fundamentally, the problem is this: The investment decision \nprocess occurs 12 to 24 months before the budget is actually \nmade available, but the scoping, planning, and foundational \ntechnical work necessary to make a sound investment decision \ncannot be taken that far in advance and without some limited \nbudget authorization. The 25-point plan proposes to work with \nCongress to realign this process, and we agree that is an \nimportant thing to do.\n    I strongly encourage Congress to take the necessary steps \nto realign the budgeting model and allow CIOs and portfolio \nmanagers to exercise the strategic decisionmaking that their \npeers in the private sector have had for years.\n    In addition, the plan raises the need to align the delivery \nand technology cycles through incremental delivery. Again, I \nagree. However, it is critical that the increments be defined \nby sound, up-front architecture and systems engineering and the \ntiming of increments be linked with the operational tempo. \nSound systems engineering performed early in a program\'s life \ncycle has a strong correlation with improved project cost \nestimation and schedule planning. Likewise, alignment with the \noperational tempo ensures that technology drops have clear \nbusiness value and leverage IT infrastructure to support future \ncost-effective delivery of capabilities.\n    The second critical step is to establish strong program \nmanagement offices by incentivizing and professionalizing the \nkey roles for successful IT program delivery. In my past \ntestimony to this Subcommittee, I emphasized the importance of \nmaintaining strong technical and management capabilities within \nthe PMOs.\n    It continues to be my experience that successful programs \nare characterized by a strong government PMO capable of acting \nas a strong technical peer with contractor counterparts on \nsystems engineering topics. The individuals assigned to these \nprogram offices must view their position as a career and not \nsimply a job. Incentives play a key role in attracting and \nretaining competent program office personnel. Establishing a \ncareer progression gives individuals the opportunity to secure \ngreater responsibility and pay commensurate with increased \ndegrees of proficiency.\n    The third area of extreme importance is securing \ninformation systems and ensuring their resilience. This should \nbe a critical aspect of any investment, and it warrants major \ninvestments in its own right. All too often security is \nregarded as an afterthought, and all too frequently concerns \nabout system vulnerabilities are used to justify making less \ntransformational investments and adhering closely to the status \nquo.\n    It is critical that the architecture and design of IT \nsystems address both vulnerabilities and the capabilities \nrequired to withstand a breach. These factors should be key to \nthe evaluation of any IT investment to avoid additional costs \ndownstream. This is a topic on which the Federal CIO, the CIO \nCouncil, and the Congress can provide more leadership. They \nshould send a clear message that government information \ntechnology investments must not only be aligned with business \nneeds, deployed incrementally and managed properly within \nbudget and schedule, but also must be architected, developed, \nand operated with a clear eye on protecting public and private \ndata and continuing the critical services government performs \nfor the public.\n    Achieving the results expected of the 25-point plan \nrequires a major transformation that spans many aspects of the \nFederal Government\'s operations. The many elements of the 25-\npoint plan reflect two sets of related priorities: Adopting new \ntechnology that enables greater efficiency and establishing an \nenduring foundation of capabilities to plan, manage, and \nexecute IT programs more successfully. I believe the latter \nrepresents both the greatest challenge and the true imperative. \nWithout the opportunity, authority, and resources to accomplish \nthese goals, the success rate in adopting new technology will \ncontinue to suffer.\n    I am supportive of the direction of the 25-point plan as \nwell as other similar action plans developed and being \nimplemented across many agencies today. I am encouraged by this \nSubcommittee\'s clear interest in taking steps to codify methods \nand operating models that we know to be successful and on the \nincreased emphasis on develop foundational capabilities that \nwill endure beyond contemporary solutions.\n    I believe if these steps are taken, the promise of the 25-\npoint plan can be realized, and the priority it lays out will \nhave lasting value.\n    I respectfully request that my prepared statement be \nincluded in the record, and I would be pleased to answer any \nquestions.\n    Senator Carper. And we will be pleased to make your \nprepared remarks part of the record.\n    That was an excellent summary.\n    Thank you for your testimony, all of you. It was just \nsuperb.\n    You may have heard that a vote has started, and I am going \nto run and vote, and we will just recess for a little bit. When \nI come back, the first question I will ask you--you can be \nthinking about this. I am going to ask you to reflect on the \ntestimony of each of the other two witnesses appearing with you \nand some things that you think that you really agree with or \nmaybe you are not sure about. And if there is anything you \nwould like to look back to the testimony of our first three \nwitnesses, to comment on what you heard there that might be \nappropriate to raise. We will start with that, and we will \nprobably go for about, 15, 20 minutes and then adjourn.\n    All right. Thanks very much. I will be back in about 10 \nminutes. [Recess.]\n    I am going to ask that we reconvene. Thank you for your \npatience and for bearing with us, and now let us resume.\n    Just before I left, I indicated that my first question was \ngoing to be to ask you to reflect on what your colleagues here \nat the table have had to say and for each of you just to do \nthat, and if you have any reflections on some of the testimony \nand the answers that the first panel provided for us, I would \nwelcome either of those.\n    Mr. Grasso, would you like to lead us off, please?\n    Mr. Grasso. Sure. There were several points that have been \nmade throughout the day here today that I think are especially \nvaluable, and, in fact, one reflects a question that you asked \nearlier. I think it should be no surprise to anybody that what \nis presented in the 25-point plan is a significant change \nagenda. And when it comes to change, there is indeed quite a \nbit of resistance to change because it imposes on people\'s \nequities in some cases and threatens others.\n    So we look at things like data center consolidation and so \nforth, while we have, I think, admirable objectives, there is \nno doubt in my mind as we progress in this area that there will \nbe obstacles in achieving those objectives. But I believe, with \nthe proper level of leadership, attention, and perseverance, \nthat we could overcome those obstacles.\n    What we really do need to do is to ensure that the right \nincentives are in place for everybody so that we are all moving \nin the same direction.\n    Senator Carper. Talk a little bit more about that, please?\n    Mr. Grasso. All too often there are individual incentives. \nEverybody around the table is incentivized for their own \npersonal career growth for a number of reasons. There are \norganizational incentives and there are incentives that are \ngiven to contractors in supporting the activities.\n    So if you look at those three different incentives, today \nmany of the individual incentives really are less focused on \nthe outcome of the activity, and they are more focused on what \nI would call a career track for an individual.\n    If you take a look specifically in the military, the job \nrotation and the assignments a person has been in is more \nimportant perhaps than staying in an assignment for a long \nenough period to see an outcome fulfilled. So we are finding \nfolks rotating more often than should be.\n    Inside industry, if you have a successful program manager \non an important program, rest assured that person will be \nrewarded from a career perspective while on that program and as \nhe or she transitions out of that program. It is often not the \ncase where someone can get rewarded by staying on the same \nprogram for a number of years beyond what would be typical for \nthat kind of assignment inside of government. So the incentives \nneed to be properly aligned to ensure that they are indeed \npursuing what they believe to be a very strong career track.\n    And the last point I would make is the topic of \naccountability. We all need to be accountable for these \noutcomes, and I think it is important to recognize that the \nsuccessful outcome is one for which a number of stakeholders \nare involved. And there needs to be a shared sense of \naccountability, not just the CIO is accountable and he or she \nwill succeed. All of the stakeholders need to share that level \nof accountability and need to be incentivized to do so. So I \nthink those are some key points that were made.\n    One last point that I think Rishi made is the business \nvalue. We talk about IT sometimes exclusive of the value that \nit delivers to transform the business and to deliver new \ncapabilities or perhaps to deliver current capabilities more \neffectively. So we need to ensure that the IT community and the \nmission side are very closely connected to ensure that it is \ndelivering the business value that it was intended to deliver.\n    Senator Carper. Good. Thank you. Those are very good \npoints. Thank you. Mr. Sood.\n    Mr. Sood. I think there was really valuable testimony by \nfellow panelist Mr. Grasso here that really focused on sort of \nthe governance issues, that focused on really the program \nmanagement and career path issues associated with maintaining \nthis course across the Federal Government. I think that is a \nvital aspect of the reform plan, the amount of investment that \nwe are putting back into the agencies and the personnel within \nthose agencies.\n    I also think Mr. O\'Keeffe has provided some really valuable \ndata straight from governments directly, straight from the \nagencies and the vendor community directly in really \ninteresting ways, not just what we should be doing and what is \nappropriate and what they think is appropriate about the reform \nplan, but also what is doable. And that juxtaposition between \nwhat can be done or should be done and what can be done over a \nshort period of time I think is very valuable. It gives you a \nsense, I think, as Chairman of this Committee, really to look \nat the level of resistance that might be focused on some of the \nmajor reform plan items and the need to really push and lead \nthose issues forward.\n    I just want to make another comment, though, that was \nspecific to the earlier panel, the government panel directly, \nbecause I think they made a number of points which were talking \nabout transparency about this process, about the fact that you \nhave been dedicated to holding these hearings and really \nshining a light, if you will, on this process.\n    The combination of the IT Dashboard, the combination of the \nTechStat strategies, the combination of the hearings you are \nholding I think truly are making some of those first steps \ntoward reforming the entire process and getting the level of \nwaste and the level of efficiency out of the IT pantheon. So I \napplaud those efforts.\n    Senator Carper. Thanks for saying that. Thank you. Mr. \nO\'Keeffe.\n    Mr. O\'Keeffe. I wish you had told me there was a test \nbeforehand. I would have paid more attention.\n    Senator Carper. This is a pass/fail course. [Laughter.]\n    Mr. O\'Keeffe. I think there has been some very valuable \ntestimony, and the perspectives of my fellow panelists here \nhave been terrific.\n    I think that the incentive point that Mr. Grasso makes is \nright on the money. We need to look at why people are going to \nbe incented, what we refer to as ``What\'s in it for me\'\' \n(WIIFM)?\n    There are programs that have been launched at various \nFederal agencies where if you uncover savings opportunity, you \nget to keep 50 percent of that money. And what has the result \nbeen? No savings opportunities have been uncovered because they \nalready have 100 percent of the money, so why would they want \nto identify a program in order to lose half the budget?\n    If you look at things like data center consolidation--and \nJohn Collins has been involved in some of those meetings--we \nare looking at the ability to consolidate data centers in other \nagencies\' data centers. Well, we had a data center lead from an \nagency out in Austin, Texas, who said that--he called around to \nagencies in the area in Austin and San Antonio to identify what \nother agencies might have space so he could consolidate into \nthem. And what he found was nobody had any space. Why would \nthey have space? Because if they allow him to consolidate into \ntheir data center, they lose that space and effectively they \nlose budget.\n    So I think we need to look at some of the fundamental \nincentives. What are the carrots? What are the sticks? And, \nimportantly where is the dog bone here? How are agencies like \nGSA eating their own dog food? Which I think is tremendously \nimportant.\n    I think Rishi\'s perspective in terms of organizations like \nGartner can provide terrific crossover from what has happened \nin the commercial market so we can identify best practices for \ngovernment, which are critical.\n    I also think there were some interesting perspectives \nshared from GAO saying there are 600 H.R. systems in the \nFederal Government, $2.9 billion. Clearly there is an \nopportunity for synergies and shared services.\n    There are 4,700 systems currently outsourced. Vivek \nmentioned that. So when we talk about security, clearly there \nare security issues that exist in the current model. In many \ncircumstances agencies are using security as a way not to move \nto cloud, and I have participated in testimony myself where we \ntalked about the problems with leaky systems as they exist \ntoday on premise.\n    I think some of the numbers about how many agencies have \nmoved to cloud first are also very interesting. I would be \ncurious to get more transparency into that, and also the \ndiscussion about the 14 items on the 25-point plan that are up \nin 6 months. I think the question about how far we have moved \non those is a little unfair inasmuch as we are not sure what \nfunding has been attributed to the 25-point plan.\n    So I think just overall, as we look at--I am just looking \nup here at the crest above your head: E Pluribus Unum; From \nmany, one. And so this notion of what we are trying to do as a \nFederal Government, I think we need to look at it as, how can \nwe all work together in order to move the ball forward? And, \ncritically, as we look at cloud computing, E Pluribus Unum \nreally could be a motto for cloud computing inasmuch as the \nnotion of everyone doing their own thing is not going to solve \nthe problem. We do absolutely need to bring the resources \ntogether in order to provide a better, more effective, more \nefficient solution, not just for IT but for America.\n    Senator Carper. That is great. Believe it or not, your \nreference to those Latin words behind me is giving me an idea \nfor my closing thought. So that is good.\n    This is really a question for all three of you, if I could, \nand let me just start with Mr. O\'Keeffe. First, we want to \nthank you and your team at MeriTalk for the information you \nwere able to provide today regarding the agency officials\' \nfeelings about the 25-point plan. Very interesting. You find in \nthis detail that both government and industry want \naccountability attached to the objectives of the plan, and they \nalso suggest CIOs be able to retain funds that they save.\n    I want to ask each of you on the panel to discuss these two \nideas. How do you propose we insert stronger accountability and \nstronger financial incentives into the management of Federal \nIT? And I will ask, Mr. Grasso, for you to lead off, and then I \nwill just say I studied as an undergraduate--at Ohio State, I \nstudied some economics, my professors would say not nearly \nenough, But I got an MBA at Delaware and studied a little more \neconomics. But I have always been fascinated by how do we \nharness market forces to drive good public policy behavior. I \nhave always been fascinated with that.\n    So, Mr. Grasso, when you said in your remarks--I think you \ntalked about aligning the incentives. I look at almost \neverything, almost every issue that comes before us here. How \ndo we have the incentives aligned? But would you want to take a \nshot at that? How do you propose that we insert stronger \naccountability and stronger financial incentives into the \nmanagement of Federal IT? You have already commented on this a \nlittle bit, but you might want to add to it.\n    Mr. Grasso. Mr. Chairman, this is obviously a very tough \ntopic. If we had the answers, we would probably be employing \nthem as we speak today. But from an accountability perspective, \nall too often we measure accountability by activity and not \nnecessarily by outcome, partly because activity is measurable \nWe could measure that you did something and how well you did \nthat something. But did all of those activities lead to the \noutcome that you had desired.\n    Senator Carper. I like to say we measure progress--or we \nincentivize progress.\n    Mr. Grasso. That is exactly right. So I would say it would \nbe a good first step to really develop a set of shared outcomes \nthat are defined well enough and not so far into the future \nthat it will be several careers before you could achieve those \noutcomes, but outcomes that are indeed measurable, as is in \nthis plan, where you have 6-month increments. You are not just \nmeasuring progress, but there is a very specific, tangible \noutcome which connects the entire community together and would \nbe a shared success for the community. So that means that it is \nan outcome that has responsibility of the developer to deliver \nsomething, the user to accept it and to start using it, and the \ntest community to ensure that they have a program that is in \nplace in the right time sequence.\n    If we become more outcome focused than activity focused, I \nthink attention to accountability will increase significantly.\n    Senator Carper. Good. Thank you. Mr. Sood.\n    Mr. Sood. Yes, just to dovetail on Mr. Grasso\'s points \nthere, I will go back to my written testimony that really \nfocused on the business value of IT. I think too often in the \nreform or in the discussions about the reform plan, there has \nbeen focus on whether Project X or Project Y should be canceled \nor not and what are the cost savings associated with that.\n    I think in many respects CIO Kundra made a very important \npoint, that when he did the first pass of the at-risk project \nlist and took a look at the four that were terminated and the \n11 that were reformed, if you will, the more important side of \nthat was the 11 that were reformed because at the end of the \nday the business need is still going to be there for whatever \nthe technology initiative initially was there.\n    So being able to tie back incentives and being able to tie \nback that process to what is really the impact on the agency\'s \nspecific business process or the outcome that they are trying \nto achieve I think is a fundamental part of how we look at \nreform. It is not simply about taking the 2,000 data centers \nand moving them down to a manageable 1,000 or what have you. It \nis really about how efficient those data centers are and how \nmuch are we leveraging the economies of scale in running those \ndata centers so that they are impacting real business issues.\n    Senator Carper. All right. Thank you. Mr. O\'Keeffe.\n    Mr. O\'Keeffe. I think to accountability, transparency is \nthe answer. We need better data. The IT Dashboard is a great \nmove. There are still some significant fidelity issues in terms \nof the quality of that data. But the best way to drive \naccountability is transparency, and I think that has been \ntalked about. We need to continue to invest in those resources.\n    We need to make sure that we do not make claims about what \nis out there that is not out there. And so if you look at \nthings like the subcontractor database that was announced in \nthe Washington Post 6 to 8 months ago, the quality of that data \nstill is not particularly good. So we need to make sure that \npeople are rewarded, which goes back to incentives.\n    I think that when you look at IT people--and we are hiring \nthem right now--they are very difficult--very good quality IT \npeople are very difficult to hire, especially if you look at \npeople, for example, who are building mobile applications, some \nof the more progressive disciplines. And so the public sector \nneeds to work out how to incent these people to work in the \ngovernment and to stay in the government. There are many, many \nexcellent IT people in the Federal Government. But if you have \na culture where you cannot afford to hire the best and, \ncandidly, you have significant challenges getting rid of people \nthat do not perform, then what kind of culture does that breed?\n    I think there are many opportunities for the government to \nincent and motivate these IT executives and professionals and \npractitioners. This should not be about the beatings will \ncontinue until morale improves. And if there are too many \nunfunded mandates, it is very difficult to get out of bed in \nthe morning and feel good about what you are doing.\n    So we do not have the ability to open up the pocketbook and \njust lavish money on these people, as many private sector \norganizations are. But we can look at things like telework \nwhere we can give people the flexibility to work from home. We \ncan look at some of the prizes that are out there right now \nwhere we can reward innovation coming from the government. And \nI think we also need to look at what we are outsourcing. So \nmaybe some of these more interesting, more engaging projects, \ninstead of outsourcing those to contractors, we could be \nlooking at providing those exciting projects for government \nemployees to work on.\n    Senator Carper. All right. All good ideas. Thank you.\n    A question for Mr. Sood and Mr. Grasso. In your testimony \ntoday, you both noted how the President\'s plan incorporates a \nnumber of commercial best practices and attempts to bring them \nto government. One example of this is a move to segmented or \nmodular development of IT projects.\n    What concerns do each of you have about the ability of \ngovernment to embrace this approach, how we can make sure that \nagencies have what they need to make this particular piece of \nthe President\'s plan successful?\n    Mr. Grasso, do you want to lead us off?\n    Mr. Grasso. Sure. If we take a look at the technology that \nwe are accustomed to in our everyday lives today, whether it be \nthe cell phone maybe in your pocket, whether it be the iPad in \nyour briefcase, or the laptop, those have become commodities to \nus. We are turning those around anywhere from every 9 months to \nevery 3 years. But we are able to do so because they are built \non a very strong foundation and platform that evolves over \ntime, and we do not necessarily have to retrain ourselves, nor \ndo we have to restructure our own internal home infrastructure \nto accommodate these things.\n    The platform itself is evolving to allow forward \ninteroperability of new technologies. It is done because the \ninterfaces are very clearly defined. The modularity of \ncomponents are very clearly defined, and a marketplace has been \ncreated where you have many contributors and innovators that \nare working inside this platform and this framework that allow \nit to evolve. So we believe, I believe that it is critical that \nwe are able to do this going forward on the government side of \nthe house.\n    On the government side of the house we have progressed \nquite a bit, but I come from a world where we buy everything \nall together. If you need to buy a new software system, you buy \nthe hardware that goes with it and the infrastructure that goes \nwith it then you are evolving the entire thing. You are not \nbuilding on top of a platform. So we need to change that \nthinking that exists today for which fundamentally we need to \nbe interdependent. We need to allow service providers to \nprovide that platform, that infrastructure, and build the \nvalue-added applications on top of it, allow that \ninfrastructure to, in fact, evolve on its own and feel \nconfident that those interfaces that evolve will allow my \nfuture applications to also evolve so that I do not necessarily \nhave to design the underlying infrastructure each and every \ntime I upgrade.\n    Senator Carper. All right. Good. Thanks. Mr. Sood.\n    Mr. Sood. Yes, I would just say that agility with respect \nto IT is going to be the fundamentally most important way by \nwhich we really reform Federal Government IT spending over the \nlonger term. But in many respects, it represents sort of the \nantithesis of the way the Federal Government has historically \nreally looked at IT spending. We have looked at these \nwholesale, big-bang approaches typically that last over a 2-\nyear procurement cycle, and the items or the requirements that \nyou set up front might be obsolete by the time that procurement \ncycle is over and done with.\n    Having a more agile approach really will change that \nflexible nature, that foundational nature of Government IT \nspending, but the problems or the concerns I guess I would have \nis: How is Congress going to adapt the budgeting part to \ncoincide with this agile approach to IT? How are we going to \ninvest in the next group of contract officers, acquisition \nofficers, and program managers that are really trained and \nseasoned to apply some of those techniques to their projects? \nHow do we take detailed methodologies like earned value \nmanagement or product portfolio management and really apply \nthat to the agile structure so that, to CIO Kundra\'s point \nearlier, we do not get into this road where we are finally \nassessing these projects 3 or 4 years later and they have spent \n$20, $50, $100 million without proven results? We need results \nor at least a review of results over a much more manageable \ntimeframe.\n    Senator Carper. All right. Thanks.\n    The last question is, and this would be for everybody: I \nwant, if you would, to just think sort of the big-picture here \nagain as we close out, and I just wanted you to think outside \nof what you already talked about and ask could you go beyond \nwhat you submitted in your testimony or even said orally, but \nare there any other final areas of concern in Federal IT reform \nthat are not getting enough air time? What are the things that \nmight be flying under the radar, if any, that could come back \nto bite us later on down the road? We will just close with that \none.\n    Mr. O\'Keeffe, any last thought there on that?\n    Mr. O\'Keeffe. Well, I think a couple points. Cybersecurity \nis not in the 25-point plan, and the comment from Mr. Kundra is \nthat it is baked into everything. Teri Takai, the CIO for the \nDepartment of Defense, asked that question when the 25-point \nplan was revealed, so I think we need to make sure that we are \nmindful of what is going on in security.\n    I think the feedback to date on FedRAMP has not been \nterrific, and so there is an opportunity to do better.\n    I think it is great that GSA is listening to the feedback \nfrom its colleagues in government.\n    I think the biggest thing to fear is fear itself and that \nwe need to recognize this is changing very quickly. This whole \ncommunity is changing very quickly. We need to be mindful of \nwhat can be a Luddite mentality. The people who oppose some of \nthese changes are often referred to as ``box huggers,\'\' people \nthat want their PC wherever it may be and they want to be able \nto go touch it.\n    If you look at what has happened in the automotive \nindustry, there is going to be significant change in industry. \nAt one point there were Packards and there were Bugattis and \nthere were a whole series of different cars, Tuckers and what \nyou will. And ultimately we are going to consolidate that in \nthe IT market to a number of players that we cannot subsist.\n    And I think in closing if we do not change--here was a \nsuperpower at one time that----\n    Senator Carper. There was a what?\n    Mr. O\'Keeffe. There was a superpower at one time that was \nstructured under a monarchy and did not really recognize the \nvalue of democracy. And there was a revolution that you are \nprobably aware of, which established a new superpower. And I \nthink what we need to do is to recognize that the world is \nchanging, and if we try to hang onto the way of the past in our \nsociety and also specifically in the IT changes that will \nenable that, then it will not be good for our future.\n    Senator Carper. All right. Thank you. Mr. Sood.\n    Mr. Sood. That is an excellent question, and I appreciate \nthe opportunity to address it.\n    I think in many respects we in the Beltway get really \nfocused on federally specific issues, and we are very insular \nin that nature. I think in many respects we need to take a step \nback and see what we can learn from others, see what we can \nlearn in the 50 labs of innovation that take place across State \nand local government and see what we can learn from global \npublic sector central governments like the United Kingdom or \nAustralia and what they are doing with their technology \ninnovation. Or even take some of the lessons, as I mentioned in \nmy written testimony, of commercial best practices and really \nnot adopt them in government but adapt them for the best \npractices within government. I think that is sort of a \nfundamental issue that we could use more enlightenment on, \nshine more of a spotlight on, as to what are really the \ninnovations that are taking place outside of the Federal \nGovernment here that we could be learning from.\n    Senator Carper. OK. Good. Thanks.\n    Mr. Grasso, you get the last word.\n    Mr. Grasso. Throughout this discussion, I have heard the \nterm ``compliance\'\' used quite a bit, and I would offer that \ncompliance is necessary but it is not sufficient. We need to do \nthings right, but we need to also do the right thing.\n    So earlier in this discussion we talked about FISMA \ncompliance with Google. What I would tell you is when it comes \nto compliance, compliance is often based on a number of \nexperiences and best practices and, thus, a set of processes to \navoid issues that were seen in the past.\n    When you look at topics like cybersecurity, if you comply, \nyou will avoid past problems. But it is not sufficient because \nwe are learning new things each and every day. So we need to do \nbusiness differently. So we need to go beyond simply \ncompliance. We need to create an environment where we empower \nindividuals to take the initiative, to assume that change, if \nyou are doing the right thing, is actually a good thing.\n    We talked about incentives earlier. Many individuals are \nincentivized to strictly comply to all of the rules. It puts \nthem inside of a box, if you will, and sometimes while they are \ndoing things right per the process, they are not necessarily \ndoing the right thing.\n    So I think we just need to be very, very careful. We talk \nabout this plan being really a plan of change. We need to \ncreate an environment and a culture where change is acceptable \nand that we learn from our failures so that, in fact, we can \nsucceed with the changes that we plan in the future.\n    Senator Carper. Well, my thanks, our thanks really to each \nof you for coming back and testifying before us today and in a \nnumber of cases and for really giving us a lot to think about \nand, frankly, a lot to help us.\n    You mentioned in your last comment there, you mentioned the \nword ``culture,\'\' and one of the things that I am endeavoring \nto do and this Subcommittee is actually endeavoring to do, is \nto try to change-bit-by-bit the culture in our government. And \nI said earlier in my opening remarks, I believe I mentioned, a \nlot of people think we operate under a culture of spendthrift, \nand what we are trying to do is to move away from that toward a \nculture of thrift where we really ask the question, ``Is \npossible to get better results for less money or for not much \nmore money.\'\' And I think in most cases it is.\n    One of the ways it has dawned on me is that one of the ways \nto get better results for less money is just by doing a better \njob in the way we develop and build these IT projects. That can \nreally help us a lot. That is sort of a basic concept to \nunderstand, but it is really true.\n    So thank you all. I am going to followup with a few more \nquestions in writing. One of the questions I will probably \nfollowup in writing is: Some of the witnesses said very \ncomplementary things about our legislation, which Senators \nBrown, Collins, Lieberman, and I have introduced. I really \nwould welcome your thoughts if there are some things that are \nmissing or some things that ought to be taken out. So we are \nalways interested in constructive criticism.\n    Again, thanks for your testimony and for helping to light \nthe way for us here in the Legislative Branch.\n    With that, we are adjourned. Thank you.\n    [Whereupon, at 12:56 p.m., the Subcommittee was adjourned.]\n\n\n                            A P P E N D I X\n\n                              ----------                              \n\n[GRAPHIC] [TIFF OMITTED] T7128.001\n\n[GRAPHIC] [TIFF OMITTED] T7128.002\n\n[GRAPHIC] [TIFF OMITTED] T7128.003\n\n[GRAPHIC] [TIFF OMITTED] T7128.004\n\n[GRAPHIC] [TIFF OMITTED] T7128.005\n\n[GRAPHIC] [TIFF OMITTED] T7128.006\n\n[GRAPHIC] [TIFF OMITTED] T7128.007\n\n[GRAPHIC] [TIFF OMITTED] T7128.008\n\n[GRAPHIC] [TIFF OMITTED] T7128.009\n\n[GRAPHIC] [TIFF OMITTED] T7128.010\n\n[GRAPHIC] [TIFF OMITTED] T7128.011\n\n[GRAPHIC] [TIFF OMITTED] T7128.012\n\n[GRAPHIC] [TIFF OMITTED] T7128.013\n\n[GRAPHIC] [TIFF OMITTED] T7128.014\n\n[GRAPHIC] [TIFF OMITTED] T7128.015\n\n[GRAPHIC] [TIFF OMITTED] T7128.016\n\n[GRAPHIC] [TIFF OMITTED] T7128.017\n\n[GRAPHIC] [TIFF OMITTED] T7128.018\n\n[GRAPHIC] [TIFF OMITTED] T7128.019\n\n[GRAPHIC] [TIFF OMITTED] T7128.020\n\n[GRAPHIC] [TIFF OMITTED] T7128.021\n\n[GRAPHIC] [TIFF OMITTED] T7128.022\n\n[GRAPHIC] [TIFF OMITTED] T7128.023\n\n[GRAPHIC] [TIFF OMITTED] T7128.024\n\n[GRAPHIC] [TIFF OMITTED] T7128.025\n\n[GRAPHIC] [TIFF OMITTED] T7128.026\n\n[GRAPHIC] [TIFF OMITTED] T7128.027\n\n[GRAPHIC] [TIFF OMITTED] T7128.028\n\n[GRAPHIC] [TIFF OMITTED] T7128.029\n\n[GRAPHIC] [TIFF OMITTED] T7128.030\n\n[GRAPHIC] [TIFF OMITTED] T7128.031\n\n[GRAPHIC] [TIFF OMITTED] T7128.032\n\n[GRAPHIC] [TIFF OMITTED] T7128.033\n\n[GRAPHIC] [TIFF OMITTED] T7128.034\n\n[GRAPHIC] [TIFF OMITTED] T7128.035\n\n[GRAPHIC] [TIFF OMITTED] T7128.036\n\n[GRAPHIC] [TIFF OMITTED] T7128.037\n\n[GRAPHIC] [TIFF OMITTED] T7128.038\n\n[GRAPHIC] [TIFF OMITTED] T7128.039\n\n[GRAPHIC] [TIFF OMITTED] T7128.040\n\n[GRAPHIC] [TIFF OMITTED] T7128.041\n\n[GRAPHIC] [TIFF OMITTED] T7128.042\n\n[GRAPHIC] [TIFF OMITTED] T7128.043\n\n[GRAPHIC] [TIFF OMITTED] T7128.044\n\n[GRAPHIC] [TIFF OMITTED] T7128.045\n\n[GRAPHIC] [TIFF OMITTED] T7128.046\n\n[GRAPHIC] [TIFF OMITTED] T7128.047\n\n[GRAPHIC] [TIFF OMITTED] T7128.048\n\n[GRAPHIC] [TIFF OMITTED] T7128.049\n\n[GRAPHIC] [TIFF OMITTED] T7128.050\n\n[GRAPHIC] [TIFF OMITTED] T7128.051\n\n[GRAPHIC] [TIFF OMITTED] T7128.052\n\n[GRAPHIC] [TIFF OMITTED] T7128.053\n\n[GRAPHIC] [TIFF OMITTED] T7128.054\n\n[GRAPHIC] [TIFF OMITTED] T7128.055\n\n[GRAPHIC] [TIFF OMITTED] T7128.056\n\n[GRAPHIC] [TIFF OMITTED] T7128.057\n\n[GRAPHIC] [TIFF OMITTED] T7128.058\n\n[GRAPHIC] [TIFF OMITTED] T7128.059\n\n[GRAPHIC] [TIFF OMITTED] T7128.060\n\n[GRAPHIC] [TIFF OMITTED] T7128.061\n\n[GRAPHIC] [TIFF OMITTED] T7128.062\n\n[GRAPHIC] [TIFF OMITTED] T7128.063\n\n[GRAPHIC] [TIFF OMITTED] T7128.064\n\n[GRAPHIC] [TIFF OMITTED] T7128.065\n\n[GRAPHIC] [TIFF OMITTED] T7128.066\n\n[GRAPHIC] [TIFF OMITTED] T7128.067\n\n[GRAPHIC] [TIFF OMITTED] T7128.068\n\n[GRAPHIC] [TIFF OMITTED] T7128.069\n\n[GRAPHIC] [TIFF OMITTED] T7128.070\n\n[GRAPHIC] [TIFF OMITTED] T7128.071\n\n[GRAPHIC] [TIFF OMITTED] T7128.072\n\n[GRAPHIC] [TIFF OMITTED] T7128.073\n\n[GRAPHIC] [TIFF OMITTED] T7128.074\n\n                                 <all>\n\x1a\n</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body></html>\n'