[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]









             REVIEWING CHALLENGES IN FEDERAL IT ACQUISITION

=======================================================================

                             JOINT HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                         INFORMATION TECHNOLOGY

                                AND THE

                            SUBCOMMITTEE ON
                         GOVERNMENT OPERATIONS

                                 OF THE

                         COMMITTEE ON OVERSIGHT
                         AND GOVERNMENT REFORM
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             MARCH 28, 2017

                               __________

                            Serial No. 115-4

                               __________

Printed for the use of the Committee on Oversight and Government Reform


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]





         Available via the World Wide Web: http://www.fdsys.gov
                      http://www.house.gov/reform
                      

                                   ______

                         U.S. GOVERNMENT PUBLISHING OFFICE 

25-715 PDF                     WASHINGTON : 2017 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001
                      
                      
                      
                      
                      
                      
                      
                      
                      
                      
                      
                      
                      
              Committee on Oversight and Government Reform

                     Jason Chaffetz, Utah, Chairman
John J. Duncan, Jr., Tennessee       Elijah E. Cummings, Maryland, 
Darrell E. Issa, California              Ranking Minority Member
Jim Jordan, Ohio                     Carolyn B. Maloney, New York
Mark Sanford, South Carolina         Eleanor Holmes Norton, District of 
Justin Amash, Michigan                   Columbia
Paul A. Gosar, Arizona               Wm. Lacy Clay, Missouri
Scott DesJarlais, Tennessee          Stephen F. Lynch, Massachusetts
Trey Gowdy, South Carolina           Jim Cooper, Tennessee
Blake Farenthold, Texas              Gerald E. Connolly, Virginia
Virginia Foxx, North Carolina        Robin L. Kelly, Illinois
Thomas Massie, Kentucky              Brenda L. Lawrence, Michigan
Mark Meadows, North Carolina         Bonnie Watson Coleman, New Jersey
Ron DeSantis, Florida                Stacey E. Plaskett, Virgin Islands
Dennis A. Ross, Florida              Val Butler Demings, Florida
Mark Walker, North Carolina          Raja Krishnamoorthi, Illinois
Rod Blum, Iowa                       Jamie Raskin, Maryland
Jody B. Hice, Georgia                Peter Welch, Vermont
Steve Russell, Oklahoma              Matt Cartwright, Pennsylvania
Glenn Grothman, Wisconsin            Mark DeSaulnier, California
Will Hurd, Texas                     John Sarbanes, Maryland
Gary J. Palmer, Alabama
James Comer, Kentucky
Paul Mitchell, Michigan

                   Jonathan Skladany, Staff Director
                  Rebecca Edgar, Deputy Staff Director
                    William McKenna, General Counsel
                      Julie Dunne, Senior Counsel
                         Kiley Bidelman, Clerk
                 David Rapallo, Minority Staff Director
                 Subcommittee on Information Technology

                       Will Hurd, Texas, Chairman
Paul Mitchell, Michigan, Vice Chair  Robin L. Kelly, Illinois, Ranking 
Darrell E. Issa, California              Minority Member
Justin Amash, Michigan               Jamie Raskin, Maryland
Blake Farenthold, Texas              Stephen F. Lynch, Massachusetts
Steve Russell, Oklahoma              Gerald E. Connolly, Virginia
                                     Raja Krishnamoorthi, Illinois

                                 ------                                

                 Subcommittee on Government Operations

                 Mark Meadows, North Carolina, Chairman
Jody B. Hice, Georgia, Vice Chair    Gerald E. Connolly, Virginia, 
Jim Jordan, Ohio                         Ranking Minority Member
Mark Sanford, South Carolina         Carolyn B. Maloney, New York
Thomas Massie, Kentucky              Eleanor Holmes Norton, District of 
Ron DeSantis, Florida                    Columbia
Dennis A. Ross, Florida              Wm. Lacy Clay, Missouri
Rod Blum, Iowa                       Brenda L. Lawrence, Michigan
                                     Bonnie Watson Coleman, New Jersey
                                     
                                     
                                     
                                     
                                     
                                     
                                     
                                     
                                     
                                     
                                     
                                     
                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on March 28, 2017...................................     1

                               WITNESSES

Mr. David A. Powner, Director, IT Management Issues, U.S. 
  Government Accountability Office
    Oral Statement...............................................     6
    Written Statement............................................     9
Mr. Richard A. Spires, Chief Executive Officer and Director, 
  Learning Tree International, Inc.
    Oral Statement...............................................    33
    Written Statement............................................    35
Mr.Venkatapathi Puvvada, President, Unisys Federal Systems, and 
  Board Member of the Professional Services Council
    Oral Statement...............................................    44
    Written Statement............................................    46
Mr. A. R. Hodgkins, III, Senior Vice President, Information 
  Technology Alliance for Public Sector, Information Technology 
  Industry Council
    Oral Statement...............................................    63
    Written Statement............................................    65
Ms. Deidre Lee, Director, IT Management Issues, and Chair of 
  Section 809 Panel
    Oral Statement...............................................    78
    Written Statement............................................    80

                                APPENDIX

Questions for the Record for Mr. David Powner, submitted by Ms. 
  Kelly and Mr. Connolly.........................................    94
Questions for the Record for Mr. Richard Spires, submitted by Mr. 
  Hurd, Mr. Meadows, and Ms. Kelly...............................   101
Questions for the Record for Mr. Venkatapathi Puvvada, submitted 
  by Mr. Hurd, Mr. Meadows, Ms. Kelly, and Mr. Connolly..........   122
Questions for the Record for Mr. Trey Hodgkins, submitted by Mr. 
  Hurd, Mr. Meadows, Ms. Kelly, and Mr. Connolly.................   131
Questions for the Record for Ms. Deirdre Lee, submitted by Mr. 
  Hurd, Mr. Meadows and Ms. Kelly................................   142

 
             REVIEWING CHALLENGES IN FEDERAL IT ACQUISITION

                              ----------                              


                        Tuesday, March 28, 2017

                  House of Representatives,
Subcommittee on Information Technology, joint with 
         the Subcommittee on Government Operations,
              Committee on Oversight and Government Reform,
                                                   Washington, D.C.
    The subcommittees met, pursuant to call, at 2:04 p.m., in 
Room 2154, Rayburn House Office Building, Hon. Will Hurd 
[chairman of the Subcommittee on Information Technology] 
presiding.
    Present from Subcommittee on Information Technology: 
Representatives Hurd, Issa, Russell, Kelly, Connolly, and 
Krishnamoorthi.
    Present from Subcommittee on Government Operations: 
Representatives Meadows, Blum, Hice and Connolly.
    Mr. Hurd. The Subcommittee on Information Technology and 
the Subcommittee on Government Operations will come to order. 
And without objection, the chair is authorized to declare a 
recess at any time.
    We are expecting a vote series at three o'clock, so we will 
get through as much as we can in this hour.
    I want to say, first off, good afternoon and welcome. This 
is the first IT Subcommittee of the 115th Congress. I am 
pleased to have my friend and colleague Robin Kelly at my side 
once again as the ranking member.
    In the 114th Congress, the subcommittee held hearings on a 
wide variety of technology issues, including encryption, cloud 
computing, health IT, the Federal IT workforce, and the 
cybersecurity of our election systems, among many others. We 
worked to establish a tone and a culture of bipartisanship on 
the subcommittee, and I am excited to work with the ranking 
member on a host of additional issues this Congress.
    This is also the first of what I am sure will be many joint 
subcommittee hearings between the IT Subcommittee and the 
Subcommittee on Government Operations. I have appreciated 
working with the Government Operations Subcommittee, Mr. 
Meadows and Mr. Connolly on the FITARA scorecard and the DATA 
Act and on numerous other issues.
    Reforming our outdated acquisition laws and regulations to 
reflect the realities of commerce in the digital age is a 
priority for this subcommittee this Congress. Today's hearing 
will set the foundation for additional, more targeted 
oversight. It is time that we align the best practices of 
industry with the Federal Government when it comes to IT 
acquisition and deployment.
    The stated purpose of the Federal acquisition system is to, 
and I quote, ``to provide the Federal Government with an 
economical and efficient system,'' end quote, to procure goods 
and services. Today, the complexity of the Federal acquisition 
system fails to meet this objective.
    Some examples: As of July 2014, the Federal Acquisition 
Regulation, or FAR, had over 2,000 pages. In addition to the 
FAR, individual agencies have supplemental acquisition 
regulations, guidance, instructions, and policy directives. For 
example, GSA has the GSAM, GSA acquisition manual; and DOD has 
Instruction 5000 on operation of the Defense Acquisition 
System. And there have been multiple executive orders imposing 
additional requirements on the private sector, further 
increasing compliance costs. It is no wonder that the number of 
first-time Federal vendors has fallen to a 10-year low down 
from 24 percent in 2007 to only 13 percent in 2016.
    And penalties for even inadvertent violations of this 
morass of red tape can be steep, including audits, lawsuits, 
multimillion-dollar settlements, inspector general 
investigations, and bad publicity. Companies of any size who 
may initially have an idea or product of use to the Federal 
Government get discouraged trying to navigate the red tape and 
direct their energies elsewhere. Startups often don't even try. 
They can't afford the lawyers.
    These inefficiencies are costly to American taxpayers and 
prevent innovative technology from being property utilized in 
the Federal Government. Yet with great challenges come great 
opportunities. Reforming our acquisition system so that the 
Federal Government can properly adopt a buy, not built, 
approach will result in cost savings, technological 
advancement, and improved security for our Federal systems.
    I thank the witnesses for joining us here today, and I look 
forward to their testimony.
    Mr. Hurd. I would like to now recognize Ms. Kelly, the 
ranking member of the Subcommittee on Information Technology, 
from the great State of Illinois for her opening statement.
    Ms. Kelly. Thank you, Mr. Chairman. And I look forward to 
another two years of great productivity from our very 
bipartisan committee. And thank you, Chairman Meadows and 
Ranking Member Connolly, for your continued leadership and 
partnership as our subcommittees continue working together to 
improve how Federal agencies manage their information 
technology projects.
    The Government Accountability Office's 2017 high-risk 
report makes clear the continued challenges agencies are facing 
when managing their IT acquisitions. GAO states, and I quote, 
``Federal IT investments too frequently fail or incur cost 
overruns and schedule slippages while contributing little to 
mission-related outcomes.'' GAO's report highlights the need 
for President Trump's administration to strengthen, not hinder, 
IT acquisition reform.
    The President's action and inaction in certain key areas is 
likely to have the opposite effect and threaten to undermine 
agency efforts to improve in their management of IT 
investments. First, on January 23rd, 2017, President Trump 
issued an order freezing Federal employee hiring. GAO has 
reported in the past that hiring freezes have, and I quote, 
``disrupted agency operations and in some cases increased cost 
to the government.'' A hiring freeze impairs the ability of 
agencies to attract new and talented computer programmers and 
engineers that could help close any of the skill gaps currently 
existing at the agencies. It will likely exacerbate rather than 
remedy the challenges agencies report facing when it comes to 
hiring the most skilled tech-savvy workforce, making these 
agencies not only less productive but less effective.
    Second, the President's continued delay in filling key IT 
leadership positions deprives the government of the leadership 
commitment needed to carry out IT acquisition reform. Notably, 
to date the President has not named a new Federal chief 
information officer to replace Tony Scott, who departed from 
the position earlier this year. As GAO's high-risk report makes 
clear, having a Federal CIO in place is critical to ensuring 
that agencies are being provided the necessary guidance to 
improve in their management of IT investments.
    Nor has the President nominated a director of the Office of 
Personnel Management, an agency that plays a critical role in 
securing highly sensitive information and background data on 
over two million Federal employees. Last month, this committee 
sent a bipartisan letter to the President urging him to, and I 
quote, ``nominate without delay a highly qualified director to 
lead the Office of Personnel Management.'' To date, the 
President has not acted in response to this committee's 
request.
    Finally, it is unclear whether the Trump administration 
will follow through with issuing critical guidance that would 
assist agencies in improving the scope of cybersecurity 
protections in Federal acquisitions. This guidance was first 
developed under the Obama administration and reportedly close 
to being finalized by the Office of Management and Budget last 
year. Earlier today, myself along with Chairman Hurd and 
Ranking Member Connolly, wrote to OMB to request information on 
the status of issuing this important guidance. We look forward 
to receiving OMB's response.
    I want to thank the witnesses for testifying today. We have 
a lot of work ahead to improve upon our Federal IT acquisition 
processes. Your expertise and recommendations will be 
invaluable to our committee as we examine ways in which to help 
the Federal Government improve in its management of IT 
acquisitions and operations. Thank you much, Mr. Chair.
    Mr. Hurd. Thank you. I now recognize Mr. Hice, the vice 
chairman of the Subcommittee on Government Operations, for his 
opening statements.
    Mr. Hice. Thank you very much, Mr. Chairman. It is an honor 
to be here with you and with Ranking Member Ms. Kelly and Mr. 
Connolly, ranking member of the Government Operations 
Subcommittee.
    This whole issue of Federal acquisition system is 
complicated, slow to deliver, does not encourage innovation. I 
have got a quote here that I would like to read. It says, ``The 
Federal Government continues to operate old, obsolete computer 
systems while it has wasted billions of dollars in failed 
computer modernization efforts. Replacing antiquated computer 
systems has met with little success because of poor management, 
inadequate planning, and an acquisition process that is too 
cumbersome to competitively purchase computer technology before 
it is obsolete. Efforts by the government to provide greater 
efficiency and service to the American people will certainly 
fail unless the process for buying information technology is 
improved.''
    Now, any of us could probably take a stab at who made that 
statement. It certainly applies incredibly to our situation 
today, but that is a quote from 1994, a report by then-Senator 
Cohen called ``Computer Chaos: Billions Wasted Buying Federal 
Computer Systems.'' This state of affairs has led to what is 
widely known as the Clinger-Cohen Act of 1996 to improve the 
way the government bought IT. There certainly has been progress 
since 1996, but today, we face similar challenges in the IT 
acquisition process.
    Large Federal Government IT investments can take years to 
execute while private sector rewards speed and innovation. 
William Lynn, former DOD Deputy Secretary, estimated that the 
Pentagon can take 81 months to develop and make operational a 
new computer system once it was funded while the iPhone was 
developed in just 24 months. It is amazing.
    The failure to deliver innovation in a timely manner cannot 
continue. The failure to encourage innovation puts our country 
at risk in a variety of ways and particularly so in securing 
our Federal IT systems. We spend over $80 billion annually on 
IT, but 75 percent of this spending is for legacy IT. This just 
can't continue. Failure to modernize Federal IT means that we 
will continue to spend more on outdated IT, and our Federal IT 
will be subject to security vulnerabilities.
    This committee has spent significant time making sure that 
agencies implement the Federal IT Acquisition Reform Act, 
FITARA, because it does empower agency CIOs to make them more 
accountable for budget and acquisition decisions. FITARA 
implementation is a big part of IT acquisition reform, but it 
will not fix all things wrong with the Federal acquisition 
system.
    And that is why I am pleased, Mr. Chairman, to be here 
today and to hear more from our experts about IT acquisition 
challenges that they see and what Congress can do to improve 
the situation. I thank each of our witnesses for being here 
with us today. I look forward to hearing from you.
    And with that, Mr. Chairman, I yield.
    Mr. Hurd. Thank you. I would now like to thank again the 
witnesses for being here. And I am going to hold the record 
open for five legislative days for any members who would like 
to submit a written statement.
    And I would also like to thank the panelists. This was a 
rescheduled hearing, and I know, Ms. Lee, you flew up from 
South Carolina to be here and the meeting didn't happen, but 
thank you for being here again.
    I would now recognize our panel of witnesses. And when 
Gerry Connolly gets here, we will let him do his opening 
remarks.
    One of my favorite witnesses--I know I am not supposed to 
have favorites--but David Powner, director for IT Management 
Issues at the U.S. Government Accountability Office. Thanks for 
your leadership at GAO and all that you do.
    Another person that is not a stranger to this committee, 
Richard Spires, chief executive officer and director at 
Learning Tree International, Incorporated; and former CIO for 
the IRS and Department of Homeland Security.
    Mr. Venkatapathi Puvvada, or P.V., is the president of 
Unisys Federal Systems. He also currently served on the Board 
of Directors of the Professional Services Council. Thank you 
for being here.
    Trey Hodgkins, III, another repeat offender, senior vice 
president for the Information Technology Alliance for Public 
Sector, ITAPS, which is part of the Information Technology 
Industry Council.
    And last but not least, Ms. Deidre ``Dee'' Lee, director of 
IT Management Issues and the chair of the Section 809 Panel. 
Previously, Ms. Lee was also a senior procurement official at 
NASA, DOD, and DHS.
    Welcome to you all. And pursuant to committee rules, all 
witnesses will be sworn in before they testify. So please rise 
and raise your right hand.
    [Witnesses sworn.]
    Mr. Hurd. Thank you. Please be seated.
    And let the record reflect that the witnesses answered in 
the affirmative.
    In order to allow for discussion, we would appreciate if 
you would please limit your opening testimony to five minutes, 
and your entire written statement will be made part of the 
record.
    We will go ahead and go with Mr. Powner and then maybe to 
Mr. Connolly. Oh, you want to go now. You ready?
    Mr. Connolly. Whatever the pleasure of the chairman.
    Mr. Hurd. Well, let's go to Mr. Connolly then. Mr. 
Connolly, you are now recognized for your opening five minutes 
before we turn the show over to Mr. Powner.
    Mr. Connolly. Thank you, Mr. Chairman. And I am sorry I was 
delayed. I am meeting with a huge number of constituents from 
APEC. You probably are both experiencing the same. And it just 
went over. So I am so sorry.
    Welcome to our panel. And thank you, Mr. Chairman and 
Ranking Member Kelly and my counterpart Mr. Meadows and good 
friend, for holding a hearing to examine the challenges we face 
with respect to IT acquisitions.
    As I have pointed out before, the Federal Government lags 
behind the private sector in many if not most aspects of IT 
modernization and the management of IT investments. As the 
ranking member on Government Ops here in this committee, I have 
worked to introduce and pass several types of legislation aimed 
directly at trying to address those shortcomings, most notably, 
of course, FITARA, or as it is commonly called, Issa-Connolly.
    [Laughter.]
    Mr. Connolly. Connolly-Issa even has a better ring, but I 
am not going there. That is for you to say, Mr. Powner, not for 
me.
    Since the passage of FITARA, our subcommittees have issued 
three biannual scorecards to ensure that it is properly 
implemented. As I firmly believe, this legislation will provide 
agencies with greater support for making the necessary 
improvements in how they buy and deploy technology. It is 
rather unfortunate that instead of providing agencies with 
additional tools to strengthen their management of IT 
acquisitions, we have a hiring freeze now that would make I 
think it more difficult for agencies to improve in this area.
    A talented and highly skilled Federal workforce is needed 
to tackle the difficult challenge of modernizing Federal IT, 
and there is a skillset that goes along with that. A hiring 
freeze does nothing but I think damage agencies in their 
efforts to recruit and retain individuals with the knowledge, 
skills, and experience to manage many of today's IT 
investments. When even the private sector reports facing a 
critical challenge in hiring qualified IT personnel and 
cybersecurity professionals, it is difficult to see how a 
hiring freeze works to our advantage at least in this realm.
    The irony is the hiring freeze comes at a time when the 
White House announced just yesterday the creation of a new 
office, the White House Office of American Innovation. 
According to the Washington Post, one of the key areas that new 
office would be responsible for handling would be, and I quote, 
``modernizing the technology and data infrastructure of every 
Federal department and agency,'' something this committee and 
these two subcommittees have been preoccupied with for quite 
some time.
    And, by the way, we welcome that. I mean, that would be 
great. And if it is Jared Kushner and we can sit down with him 
and talk about our goals and his goals, I think there is a real 
opportunity for bipartisan common ground as we have achieved 
here in this committee.
    In 1982 the GAO determined that Federal hiring freezes 
instituted by former Presidents Carter and Reagan were not 
particularly effective and tended to disrupt agency operations 
and in some cases even increase cost to government.
    So we need to be careful. We need to make selective 
exceptions if we are going to have an across-the-board hiring 
freeze. And I think IT management and procurement and 
acquisition is one of them. It is a skillset that is badly 
needed, and we need to be frankly bulking up with both the 
modernization of IT management and procurement and on the 
cybersecurity front.
    So I look forward to hearing from our witnesses today, glad 
to be back with my partners, Mr. Meadows, Mr. Hurd, and Ms. 
Kelly, and look forward to your testimony. Thank you, Mr. 
Chairman.
    Mr. Hurd. Thank you, Mr. Connolly.
    Now, I would like to recognize Mr. Powner for his five-
minute opening statement.

                       WITNESS STATEMENTS

                  STATEMENT OF DAVID A. POWNER

    Mr. Powner. Chairman Hurd, Chairman Meadows, Ranking 
Members Kelly and Connolly, and members of the subcommittees, 
thank you for inviting us to testify on Federal IT 
acquisitions.
    Failed acquisitions are well documented over the years, and 
the reasons are clear: unclear accountability, big-bang 
waterfall approaches, OMB not playing a critical role, 
agencies' insufficient oversight, and the government's 
inability to effectively leverage industry.
    This afternoon, I'd like to discuss practical solutions to 
each of these areas, many of which are grounded in FITARA. I'd 
like to start by focusing on a recent IT acquisition success 
story with the November launch of NOAA's geostationary 
satellite. Despite some cost overruns and launch delays, this 
weather satellite is providing images and information that will 
greatly enhance our nation's weather warnings.
    I'd like to note that most IT acquisitions do not have this 
level of complexity and that the Federal Government needs to 
build off of modernization efforts like this starting with 
accountability and authorities. In the latest FITARA self-
assessments, more than half of the 24 CIOs reported that they 
do not have complete authority over IT acquisitions. This 
includes large departments like DHS, Energy, HHS, 
Transportation, and VA.
    Only about one-third of the CIOs told us during our ongoing 
work for this committee that they have the authority to stop 
any project that is not going well. FITARA has clearly raised 
the profiles of some CIOs and improved their authorities, but 
many are still not viewed as part of the executive team. We 
need to keep making progress on CIO authorities, and this will 
only change significantly if CIOs have support from Secretaries 
and Dep Secretaries and solid relationships with CFOs and chief 
acquisition officers. Otherwise, agencies will continue to make 
modest progress on their authorities.
    Turning to incremental development, our ongoing work for 
this committee shows that about 60 percent of the IT projects 
are taking an incremental approach, but this percentage is not 
improving since previous years. FITARA requires that CIOs 
certify adequate use of incremental development, but our work 
shows that only three of 24 agencies have a policy to do so. 
More agencies need a policy, and OMB needs to formalize this 
process so that more IT projects are tackling these deliveries 
in smaller increments. Having 40 percent of our IT projects not 
using an accepted practice is unacceptable.
    Next, the importance of OMB leadership and the critical 
role of the Federal CIO. In addition to ensuring that agencies 
expand on their incremental development efforts, there are 
three additional areas where OMB can significantly help with 
the delivery of IT acquisitions. One, OMB needs to follow up on 
the FITARA self-assessments to ensure that the CIOs progress on 
authorities is continuing.
    Two, OMB needs to bring back the tech stat reviews on IT 
acquisitions to ensure that agency executives can answer to the 
White House on our nation's most important IT acquisitions.
    And three, OMB needs to provide to the Congress the list of 
the top IT acquisitions for the Nation and their current 
status.
    Recent history tells us that when OMB is involved with this 
oversight, progress occurs. It's also fair to say that we've 
taken some steps backwards on progress in these areas towards 
the end of the prior administration and with the recent change 
in administrations. Congress needs to continue to push OMB to 
play this critical role, and GAO plans to do our part following 
up on our high-risk area and detailed reviews for this 
committee.
    Next, agencies need to bolster the oversight of 
acquisitions in the IT workforce. We wholeheartedly agree with 
Mr. Spires' recommendations to strengthen agencies' governance 
and program management. In addition, our recent work for this 
committee on how agencies assess and address their IT workforce 
shows that much work is needed here, including how cyber needs 
are addressed. We would welcome the opportunity to review all 
24 Departments' efforts to assess and address their IT 
workforce needs. In fact, this could be something incorporated 
into future scorecards.
    Finally, the government needs to effectively leverage 
industry. Two areas to mention are, one, better integrating 
private sector expertise from teams like USDS and 18F into the 
Federal workforce more than what was previously done; and two, 
buying more and building less and going with more cloud 
solutions and proven commercial products.
    In conclusion, Federal IT acquisitions need clear 
accountability tackled in smaller increments, OMB's help, 
stronger agency management, and better industry partnering to 
ensure more success. I would like to thank both subcommittees 
for your continued leadership on Federal IT issues.
    [Prepared statement of Mr. Powner follows:]
    
  [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
  
    
    Mr. Hurd. Thank you, sir, and thank you for your service.
    Mr. Spires, you are now recognized for five minutes.

                 STATEMENT OF RICHARD A. SPIRES

    Mr. Spires. Thank you. Good afternoon, Chairmen Hurd and 
Meadows, Ranking Members Kelly and Connolly, and members of the 
subcommittees. I'm honored to testify today in regards to 
improving IT acquisition. And I wanted to acknowledge the great 
work and leadership of these subcommittees in addressing the 
issues of improving Federal IT and in particular your work on 
FITARA.
    Since I served as the CIO of the IRS and later at DHS, my 
experience has given me insights to present practical 
recommendations that address the issues agencies face in 
acquiring IT. The reality is that acquiring a commodity item 
like ordering a telecommunications circuit or buying a laptop 
is very different than acquiring a new mission-critical system 
that requires custom software development. We need to look at 
the various categories of IT acquisitions and address 
recommendations for improvement for each category. As such, I 
offer five recommendations that address the range of IT 
acquisitions that government agencies conduct.
    Much of what agencies acquire is commodity IT, purchasing 
that involves little acquisition risk, yet many agencies do not 
manage their inventory of hardware and software assets well, 
resulting in both overbuying and not effectively leveraging 
agency buying power.
    There are significant near-term cost savings in this 
category. My first recommendation is that Congress include 
commodity IT purchase metrics in the FITARA scorecard. The 
agency's CIO, with the authorities of FITARA, should develop a 
comprehensive and accurate inventory of all agency commodity 
hardware and software assets and optimize buying based on 
agency needs.
    Further, the agency's CIO should develop enterprise 
purchasing arrangements for their top IT vendors or, as 
appropriate, leverage the GSA category management and shared 
service initiatives.
    Many IT acquisitions require integration to deliver a new 
or upgraded service capability. Some of these acquisitions are 
quite significant and are captured as programs on the OMB IT 
dashboard. Yet the vast majority of acquisitions are IT 
projects that are the lifeblood of what an organization does 
day in and day out. But developing an agency competency in 
project management takes a lot more than just having certified 
project managers. An agency needs government staff with the 
capabilities and skills in numerous disciplines and a culture 
recognizing the importance of project management.
    My second recommendation is that the administration and 
Congress ensure that the Program Management Accountability 
Improvement Act is properly implemented in agencies. This act, 
signed into law this past December, can help address the 
project management issues in agencies but only if there's a 
sustained effort to build a cadre of government staff with the 
skills and experience to manage IT projects and programs.
    As part of significantly improving their overall IT 
capabilities, agencies need to modernize their IT 
infrastructure as one of their highest priorities. My third 
recommendation is that the administration, with congressional 
oversight, require agencies to implement a modern IT 
infrastructure over a three-year time frame. Given the advances 
in IT security, most agencies should skip data center 
consolidation and move wholesale to the use of a modern 
FedRAMP-approved cloud-based infrastructure. Agencies should be 
able to derive 20 to 30 percent savings in IT infrastructure 
spend.
    The riskiest IT acquisitions are the large IT application 
programs that should be on the IT dashboard. I have found that 
delivering such programs requires a strong collaboration 
amongst key organizations in an agency, proper skills and a 
robust governance model to facilitate effective decision-
making. Most Federal agencies do not have the institutional 
maturity to handle large-scale IT programs.
    My fourth recommendation is that agencies should be 
measured on their IT acquisition and program management 
maturity. OMB should mandate the use of an IT management 
maturity model that can measure agencies against an objective 
set of standards and best practices. Congress should 
incorporate key elements of the maturity model into the FITARA 
scorecard.
    My final recommendation is that Congress should reintroduce 
and enact the Modernizing Government Technology, or MGT Act. A 
key component of this act is the ability for agencies to 
establish working capital funds that could be used in funding 
IT modernization initiatives. The budget flexibility should 
enable agencies to shift resources saved through IT 
efficiencies into funding new modernization initiatives and 
enable program managers to more effectively plan and resource a 
program over multiple fiscal years.
    These five recommendations, if implemented with sustained 
focus from the administration with continual oversight from 
Congress, will substantially improve IT acquisition. The 
benefits of such changes would be many-fold, providing 
significant savings in IT spend but more importantly greatly 
helping agencies to better perform their missions.
    Thank you.
    [Prepared statement of Mr. Spires follows:]
 
 
 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
   
     
    Mr. Hurd. Thank you, Mr. Spires. But you are burying the 
lead. I would have led with MGT as the first one.
    [Laughter.]
    Mr. Hurd. Mr. Puvvada, you are now recognized for five 
minutes.

               STATEMENT OF VENKATAPATHI PUVVADA

    Mr. Puvvada. Thank you. Good afternoon, Chairmen Hurd and 
Meadows, Ranking Members Kelly and Connolly, and members of the 
subcommittee. Thank you for inviting me to testify on behalf of 
the Unisys Corporation.
    The subject of today's hearing is critical to moving 
Federal Government towards IT modernization and leading-edge 
digital services that facilitate a good interaction between the 
government and citizens.
    Unisys is a global provider of industry-focused technology 
solutions integrated with leading-edge security to clients in 
the government, financial, and commercial sectors. This breadth 
of experience has placed our company at the frontlines of 
tackling significant challenges that come with the technology 
modernizations. Many of you deserve credit for recognizing the 
need for IT modernization and for crafting MGT Act in last 
Congress. We encourage you to do the same in this Congress.
    In my written testimony, I include statement--I include 
several key principles and best practices that are widely used 
during successful modernization initiatives. These include a 
reliance on commercial solutions, focus on reducing costs, and 
integrated capabilities to allow services to connect 
seamlessly.
    I also highlight private sector best practices of how CIOs 
can successfully transform their enterprises, for example, by 
establishing strong connectivity with their unit-level CIOs and 
CTOs and CSOs.
    To harness emerging innovations, it's important that the 
government attract and partner with the best and brightest IT 
solution providers. This allows us to tap into new capabilities 
such as service delivery--as service delivery models, agile 
development cloud computing cybersecurity, and other emerging 
technology solutions.
    Today, such partnerships are established through a system 
that in many cases is time-consuming and driven by processes 
rather than outcomes. Thus, the challenges to be addressed have 
as much to do with how the government buys as they do with what 
the government buys. Ultimately, acquisition is an enabler to 
agency mission delivery success.
    Unisys offers a number of recommendations that can improve 
upon the acquisition system we have today, creating a robustly 
competitive landscape central to ensuring government access to 
best-in-class innovations. Recommendations that I expand upon 
in my written statement include seven of the following:
    First, reemphasizing the preference for government's 
reliance on commercial solutions and continuing efforts to 
remove barriers and streamline processes for acquiring such 
solutions.
    Second, broadening consideration of potential vendors' past 
performance to include work performed for non-Federal clients 
so that commercial best practices can be brought over.
    Third, enhancing communication and collaboration within the 
government and between the government and industry to include 
improved communication among C-suite executives and one-on-one 
discussions with potential vendors, as well as meaningful 
debriefings with the bidders.
    Fourth, greater reliance by agencies on statement of 
objective instead of prescriptive statements of work and the 
adoption of innovation templates that providers--provides 
vendors with the flexibility to introduce innovations and focus 
on them.
    Fifth, encouraging vendors to provide demonstrations of new 
capabilities and emerging technologies through the performance 
of a contract.
    Sixth is focusing on value over price by limiting use of 
low-price technically acceptable evaluation criteria, 
particularly where non-commodity services are sought.
    And seventh, increasing use of downselects and multiple 
awardee contracts that enable and focus on past performance and 
capability instead of cost alone.
    Additionally, to harness innovation and achieve IT 
modernization goals and digital transformation, agencies must 
be staffed with an acquisition workforce that is equipped with 
the right skillsets and supporting resources. Unisys' 
perspective is that our smartest clients are our best clients. 
To that end, we encourage investment in the acquisition 
workforce to bolster capacity to procure IT solutions 
effectively.
    Language in FITARA requiring the development of IT 
acquisition cadres within the agencies is a step in the right 
direction. Also, shifting leadership mentality that encourages 
calculated risk-taking in agencies such as DHS is a very 
positive development. We're supportive of the expansion of the 
Procurement Innovation Labs across the government. We're 
particularly impressed by DHS Procurement Innovation Lab and 
HHS Buyers Club.
    In summary, we at Unisys believe government can make 
significant progress in addressing these technology challenges 
by focusing on investments in modernization, improvement in 
acquisition, enabling change in management and governance and 
training.
    This concludes my oral statement. Thank you. I look forward 
to answer questions.
    [Prepared statement of Mr. Puvvada follows:]
    
  [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
 
    Mr. Hurd. Thank you, sir.
    Mr. Hodgkins, you are recognized for five minutes.

                STATEMENT OF A.R. HODGKINS, III

    Mr. Hodgkins. Chairmen Hurd and Meadows and Ranking Members 
Kelly and Connolly, thank you for the opportunity to share our 
perspectives on challenges the Federal Government faces 
regarding information technology investment acquisition and 
management.
    There are many stakeholders, including these subcommittees, 
who should be applauded for their time and effort to reform 
acquisition over the last few years. The technology sector, 
however, has not found those efforts at reform to have had 
substantial effect, and in many cases they have only resulted 
in incremental changes addressing symptoms rather than the root 
problems of the dysfunctioning government acquisition.
    The IT Alliance for Public Sector has proposed to President 
Trump that the time is right to change the way the Federal 
Government acquires IT, and we would make the same suggestion 
to the subcommittees.
    IT modernization is the key to increasing cybersecurity for 
government networks. Further, acquisition reform is essential 
to modernized IT in the government and attain greater cyber 
assurance. In other words, we cannot have cybersecurity without 
IT modernization, and we cannot acquire the goods and services 
we need for either of these goals without changing the way we 
acquire IT. All three are inextricably linked.
    As this committee has identified, we are using IT systems 
that are now decades old. Many of the challenges with IT 
acquisition lie in processes that anticipated lengthy 
development to deliver a platform or solution for use over a 
long period of time. But that dynamic no longer works for IT. 
It capabilities and computing power are evolving and improving 
faster than the government can follow, underscoring the 
imperative for change. To deliver these new capabilities, 
modernized IT and better secure the government's networks, the 
time is right to reimagine the acquisition process.
    We recommend four areas of focus for the committee to begin 
the process of modernization and reform. Number one, assess and 
inventory the technologies we have today. We do not have a 
complete picture of the IT hardware and software the government 
currently owns and is using. Such an action serves several 
purposes. First, it uncovers exactly what the government owns 
and is using; second, it determines where vulnerabilities may 
exist and sets priorities for addressing them; and third, it 
will reveal what needs modernization and help identify 
solutions. Congress should use oversight to enforce existing 
inventory requirements and establish new requirements where 
there may be gaps.
    My second point is to identify meaningful funding for IT 
modernization. Last Congress, ITAPS strongly supported the 
efforts by Chairman Hurd, Ranking Member Connolly, and others 
to fashion a bipartisan means of funding IT investment, and we 
encourage their continued focus on this problem.
    The funding challenge Congress must resolve is that 
agencies either have the appropriations to continue operating 
the IT investments they have already made or fund investments 
in modernization, but they do not have enough funds for both. 
Without such a change, the Federal Government will be unable to 
modernize IT or effectively protect networks and systems from 
cyber threats.
    Third, invest in a tech-savvy workforce. While there are 
many smart and tech-savvy IT personnel within the Federal 
Government, there are simply not enough of them. Congress 
should focus on establishing better IT training and digital 
capabilities for existing personnel to make them more tech-
savvy, regardless of their role. Congress should also work to 
unencumber the Federal hiring process to attract new talent 
that can bring new ideas into the Federal workforce.
    My final point is that we should unleash the innovative 
power of the existing industrial base and the commercial 
sector. We already have innovation in the companies that sell 
goods and services to support the government mission, but 
government's unique compliance requirements on vendors distorts 
what they can sell and how they can deliver it. For commercial 
companies, such compliance requirements are often prohibitive.
    Congress should address these burdens and remove those that 
do not improve the acquisition outcome or derive better value 
for the taxpayer. In other words, Congress should help make the 
government a better customer.
    Not all of these challenges can be addressed through 
legislative actions, but many solutions and outcomes can be 
driven through the oversight role that these subcommittees and 
Congress can exercise. Additionally, much of what I have 
identified requires cultural changes, some of which will not be 
simple and congressional oversight of agency management can 
help to drive those changes.
    We did not get where we are overnight, and solutions and 
modernization will not happen overnight either. However, we can 
no longer accept that these challenges are too hard to address. 
I encourage the committee and Congress to embrace and enable IT 
modernization and all that it can deliver and reimagine IT 
acquisition with us. We are ready to help with such an 
undertaking.
    Thank you again to the chairmen and ranking members and 
members of the committee for the opportunity to present these 
thoughts. My submitted testimony addresses these and other 
related topics, and I'd be happy to address your questions at 
the appropriate time.
    [Prepared statement of Mr. Hodgkins follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
 
    Mr. Hurd. Thank you, sir.
    Ms. Lee, you are now recognized for your five-minute 
opening remarks.

                    STATEMENT OF DEIDRE LEE

    Ms. Lee. Mr. Chairman, Ranking Members, members of the 
subcommittee, my name is Deidre Lee. I am the chair of the 809 
Panel and a retired Federal employee. I submit my statement of 
the record, and I will summarize for the committee.
    A little bit of background first on the 809 panel. The 
panel was established by the fiscal year 2016 NDAA and amended 
by section 863(d) of the fiscal year 2017 NDAA. The amendments 
specifically clarified the independence of the panel.
    The panel, by statute, was authorized to focus on DOD, 
although, as we all know, what happens at DOD often is 
reflected across the government. But the main question is, is 
the acquisition system as we commonly refer to it impacting the 
ability of the Department of Defense to maintain--obtain and 
maintain technological dominance, whether that be in our IT 
systems, our weapons systems, or our back-office systems. How 
is the acquisition impacting that?
    Also, specifically in the statute we were to streamline the 
system, improve efficiency and effectiveness, look at 
appropriate buyer and seller relationships, and look at the 
financial and ethical and integrity of Defense programs. It's a 
big scope.
    The panel was seated in August of 2016, and we have 18 
commissioners, as we refer to them, which are appointed panel 
members, and they are listed in the--my written testimony, but 
I will just very briefly go through them: Mr. Dave Ahern, who 
is a well-known program manager at the Department; Major 
General Casey Blake, he is the head of Air Force contracting 
at--currently; Mr. Elliott Branch, I'm sure the committee has 
seen Mr. Branch. Mr. Branch is the head of the Navy 
contracting; Al Burman, prior OFPP administrator; David 
Drabkin, well-versed in GSA and also worked on the Pentagon 
renovation; retired Vice Admiral Joe Dyer, well-known for his 
program management; Cathy Garman, a prior staffer on the Hill 
here; Claire Grady, the current defense procurement and 
acquisition policy director; Brigadier General Mike Hoskin with 
the Army who is Army contracting; Bill LaPlante, prior SAE; 
retired Major General Ken Merchant from the Air Force; Mr. Dave 
Metzger, who is practicing attorney and is well-versed in 
protests and those--that realm of our oversight; Dr. Terry 
Raney; retired Major General Darryl Scott, who is very familiar 
with contingency contracting, served for us overseas; retired 
Lieutenant General Ross Thompson, same, Army but contingency 
contracting; Larry Trowel and Charlie Williams, previously 
chair of the DCMA. So as you can see, we have a broad group and 
a lot of work to do here.
    Our panel has already formed eight teams, and they are 
statute baseline. We were specifically told to do that and 
we're doing that. We have streamlined the acquisition process. 
We're looking at commercial buying. We're looking at barriers 
to entry, successful programs, information technology 
acquisition, and budgets, fiscal constraint, and then workforce 
has been mentioned here.
    As you know, we do have an IT acquisition team formed a 
bit--over a month ago so it's too early to give you specific 
results. And I could and would like to spend a great deal of 
time talking about what we've found in each committee, but 
there simply isn't time and that's not the focus of this.
    We have met with over 100 people, meetings, associations, 
but I can tell you that there are four recurring themes that we 
see, and they're covered more in depth in my testimony, but I'm 
just going to name them here.
    We--our themes that we see are we need to execute to 
mission mentioned by almost every one of my prior testimony. We 
are sometimes more engaged with other nice-to-do but ancillary 
actions that impede our mission. I think Chairman Hurd covered 
that quite well.
    We need to simply everything. Often, we talk about the big 
programs and the big dollars, but simplifying the little 
transactions matters, too, and we have just simply too much 
regulatory underbrush that needs to be cleared out, modernized, 
updated.
    We need to value time, and I'm going to go a little bit 
over what someone said here. It would be nice to turn the 
technology in three years and completely renovate, but it takes 
us two years to issue a contract. How are we going to get 
there? This has got to be reduced. We treat time with disregard 
and that has to change.
    And then the last one I'm going to mention here is we need 
to decriminalize commerce, and we can discuss that further 
should you care.
    None of this is new. Our point right here is we need to go 
bold. The time of nibbling around the edges, making minor 
adjustments is well past us. What our committee--what our panel 
is going to come up with is going to be in many cases 
controversial, and it will probably impact some very 
specialized groups. The time is now. We're blocking our own 
ability to reach technology.
    [Prepared statement of Ms. Lee follows:]
    
 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Hurd. Thank you, Ms. Lee.
    I would now like to recognize Mr. Hice for five minutes of 
questioning.
    Mr. Hice. Thank you, Chairman Hurd. I appreciate it a great 
deal.
    I think all of us know just based on your testimony there 
have been a number of failed IT projects in the Federal 
Government. And many of these projects go on for years and 
years and years before someone finally steps in and stops the 
bleedings. And the examples are abundant. One of them that 
comes to mind is a VA. For years, they tried to develop an 
integrated financial and asset management system across the 
agency. In 1998, they made their first attempt at this project. 
Then, they terminated it six years later in 2004. So 2005 rolls 
around and they decide to try it again. As recent as 2009, they 
had planned to deliver a fully operational system by 2014, but 
all of it was terminated in 2011.
    That program was $609 million. And the examples are on and 
on and on. NASA, NOAA, and DOD, $15 billion project that lasted 
over eight years before it failed. It goes on and on and on and 
on.
    So, Mr. Powner, let me begin with you. Why do so many of 
these projects fail?
    Mr. Powner. So there are some common themes on all these. 
The VA systems you talked about, the requirements were poor. 
They had a very poor schedule. There's also a lack of focus on 
delivery.
    The combination of the DOD/NOAA satellite acquisition, we 
started off on that, requirements weren't good, the complexity 
was far too much. We finally settled on a satellite that had 
far less sensors. So this gets back to some basic things that 
FITARA's trying to do. If these agencies would go smaller in 
more incremental bites, we would deliver a lot better. It would 
be easier to define your requirements in smaller increments and 
deliver in smaller increments. I think that's key.
    Also, too, with some of these programs there wasn't real 
clear accountability. I think with what you're trying to do 
with FITARA where the CIOs are in charge, one of the comments I 
made in my opening statement is we just recently talked to all 
24 CIOs and only eight of them told us that I have the 
authority to cancel one of these troubled programs. So two-
thirds do not have the authority to cancel a troubled program 
in their department or agency. We still got a lot of work 
there.
    Mr. Hice. Okay. So lack of accountability and biting off 
more than they can chew basically you say.
    Ms. Lee, let me ask you this, just kind of piggy-backing on 
what Mr. Powner said, why in the world does it take so long to 
fail? I mean at some point--does it take eight years to figure 
out this thing is not working? Does it take $15 billion or--why 
does it take so long to fail?
    Ms. Lee. It should not. You know, that's the basis of what 
are your measures, at what increments, who's looking at these 
things, how is your contract structured, and the ability--and I 
think it was very well said--the ability of people to raise 
their hands, speak up, and say something's not going right and 
actually have an impact.
    Mr. Hice. So who is responsible to raise their hand and say 
something's not going right?
    Ms. Lee. It certainly depends on the program. If we're 
talking large programs, there's usually a program manager who's 
in charge of that, and he's usually--he or she's usually 
surrounded by a team.
    Mr. Hice. All right. So the program manager is where the 
buck stops in your opinion ----
    Ms. Lee. In my ----
    Mr. Hice.--your testimony, okay. So ----
    Ms. Lee. For large programs, for large--some are smaller --
--
    Mr. Hice. Well, sure. Yes, but the larger programs I think 
is primarily what we are zeroing in here.
    Mr. Spires, you led the IRS Business Systems Modernization 
back in '04. You have had a lot of experience with all this. In 
your opinion, why do these projects fail?
    Mr. Spires. Well, pick up on the themes here but even what 
some more points on this, it is the program management's--
manager's responsibility and his or her team to drive a 
program, but what I have found too often in government is that 
the program manager really is not given the authority, right, 
many times, and there's not a decision-making, a governance 
model at the highest levels of the agency to effectively guide 
and to help the program manager. So I've actually reviewed 
programs, sir, where you literally have had program managers 
being pulled different directions by different senior leaders 
in the organization. That's a recipe for failure.
    I have found over and over in reviews of programs, probably 
reviewed more than 100 major programs in U.S. Federal 
Government that we usually have failure when a combination of 
not having the skilled program manager and the team that's 
supporting that program--and I'm talking about government 
people here. This isn't just about contractors, government 
people. And we don't also have a good governance model that's 
set up so you have the right people together to be able to make 
the right decisions. And time and time again, that's where I've 
seen failure.
    Mr. Hice. My time is expired, Mr. Chairman, but there is a 
real key here with these project managers and a lack of 
accountability and this whole structure, that there is a major 
breakdown there. Ms. Lee, your comments about the 
criminalization of commerce, I would love to hear you go deeper 
into that situation as we had time. But thank you, and I yield 
back.
    Ms. Lee. Mr.--if I may, on one of the things we're seeing 
from the 809 panel is certainly what was said here about the 
team around the program manager, but that team has all got to 
have the same driving goal, which is achieving performance and 
results. Unfortunately, we are seeing many conflicting goals. 
Someone who's specialty has--you know, they really have to 
drive home their test or someone else who's focus is on 
something else. And that confluence of competing priorities 
does impact a program.
    So one of the things we're seeing from a panel standpoint 
is we may recommend it--we're not at recommendation stage yet--
but to say we need to boldly declare that the purpose of an 
acquisition system is to buy the right thing timely at the 
right cost. The other nice-to-do, good-to-do are secondary 
goals and must be managed as such.
    Mr. Hurd. Thank you. I would now like to recognize Ms. 
Kelly for her five minutes.
    Ms. Kelly. Thank you. It seems the moment you buy the 
latest smartphone, the next model is already out and twice as 
powerful as the one you bought before. If this is hard to say 
current with one personal device, imagine the difficulty of 
keeping current with the vast information technology portfolio 
that GAO projects to reach $89 billion this year alone.
    Ms. Lee, this is a problem you have seen as part of your 
work on the Section 809 Panel, which you have described to us. 
How do you think this panel will be different from so many 
other acquisition reform commissions of the past so that are 
not simply identifying a problem, which you have done so well 
and others, but are actively working to solve them?
    Ms. Lee. Ms. Kelly, that--thank you for that question. One 
of the things that we've been instructed very clearly from 
meetings with our constituents and in fact some of the stuff is 
we want to be more 809 Panel-esque, and if you recall the 809 
Panel delivered as part of the report actually line-in, line-
out language so that as you deliberate--you the Congress 
deliberate and say, yes, we think that's a good idea or no, we 
don't like that one, but we've actually shown you how we 
believe--if it's statutory, you know, and we are doing the 
trace-back of all the regulations to the statutory base if 
there is one. If not, where did it come from?
    So some of these recommendations may be able to be made 
regulatorily, but some of them, and a good number of them, do 
have statutory base. So what we're offering forward in our 
report will be that detailed last--not last mile, last inch of 
a report.
    Ms. Kelly. Thank you. When Clinger-Cohen was passed, the 
internet was will an emerging consumer technology. The way we 
use and buy technology has dramatically changed since the mid-
'90s and government is relying on a 20th century procurement 
system to acquire 21st century technology. How can this panel 
ensure its recommendations are technology-neutral enough to 
accomplish both today's information technology and whatever may 
become possible tomorrow?
    Ms. Lee. Ms. Kelly, my mantra for this panel that gets some 
people's attention and makes a lot of people nervous is go 
bold. If we don't give you bold recommendations, we will have 
missed the mark. And we are looking at things such as that 
question. Is the competition of the 21st century the same as it 
was when some of the--when the Competition in Contracting Act 
was enacting? Maybe competition occurs differently, maybe at a 
different level, maybe in a different format, which would 
significantly change how we contract.
    We are looking at what I call remedies. We have a very 
robust protest system. Is that the correct remedy approach for 
both the government and industry? Extremely controversial area. 
We are looking at and asking ourselves, okay, we have a lot of 
good socioeconomic policies. Individually, they're all good 
things to do. Collectively, they're crushing. And we're looking 
also at the underbrush. We've found some very anecdotal things 
right now but some, you know, little things that we're putting 
clauses in contracts and, as Mr. Hodgkins mentioned, a new 
entrance going--is going what's this? I have to sign up to 
these 155 things? And oh, by the way, you'll get back to me in 
two years?
    We've actually met with some people on the West Coast who 
said a quick no is better than a tortuous yes and that our 
system is a tortuous system. And those are for people who we 
kind of want to do business with, and they look at us as a very 
risky and perhaps unattractive ----
    Ms. Kelly. Right. Have you happened to find any best 
practices in your work on the Section 809 Panel that can be 
applied to other agencies? Or it sounds like not really but I 
will give you a chance.
    Ms. Lee. Well, we're early. We do have a team that is 
looking at mostly major weapons systems. Obviously, there's the 
big dollars but smaller number of transactions. We're also 
looking at the smaller dollars with larger numbers of 
transactions, but even in DOD, smaller dollars is hundreds of 
millions of dollars. So what we've found--we've got one team 
looking for an odd approach, what went right and how can we 
replicate that across other buy systems processes? And if we 
can, why don't we?
    Ms. Kelly. And, Mr. Spires, do you think the Section 809 
model can be successfully applied to other agencies?
    Mr. Spires. Well, let me--you know, it's good you asked me 
that because I was just thinking not all programs and projects 
are alike, right, and there are very specialty things about IT. 
The good news about IT is that the technology and the methods 
have evolved so--Mr. Powner was talking about incremental, 
whether using, you know, agile development techniques or the 
like. I'm a huge believer--and in fact, the more complex you're 
trying to build an IT system, the more you should be doing 
prototyping and piloting up front so that if you're--if you've 
got an architecture--a technical architecture that's not going 
to work, you find that out early in the program. Okay. These 
are some of the mitigation technologies, approaches that you 
can use in IT that, you know, may be applicable to other areas.
    So I'm--you know, the 809 Panel, I'm really interested to 
see what they come out with, and I'm sure some of their things 
will be very beneficial, but you also need to make sure that 
it's specific to IT acquisition and various types of IT 
programs.
    Ms. Kelly. Mr. Hodgkins, is there anything government is 
getting right with IT? Quickly, quickly.
    Ms. Lee. You get the hard questions.
    Mr. Hodgkins. Yes. Thank you, Ms. Kelly.
    Yes, I mean, given the constraints that the current 
workforce has to work under, they're doing an exceptional job 
of keeping antiquated systems functioning on really critical 
mission areas. You know, we target our nuclear systems with 
decade-old mainframes. We keep the Social Security system and 
the IRS systems running on decades-old mainframes. And with 
what they have to work with, they're probably doing a--I would 
consider exceptional keeping those old systems functional.
    And there are pockets where we're having the opportunities 
to make improvements. There was discussion about the innovation 
labs; 18F has made some progress in some areas. USDS has made 
some examples. And we need to figure out how to take some of 
those activities and scale them more broadly.
    Ms. Kelly. Thank you.
    Mr. Hurd. Mr. Russell--my intention is to get through 
Russell, Connolly, and I, so please, let's keep it to five 
minutes so that we don't make our panelists wait any longer 
than they have to.
    Mr. Russell, you are recognized for five minutes.
    Mr. Russell. Thank you, Mr. Chairman. And thank you for 
being here today. If this were an easy problem, we wouldn't 
have five witnesses, and the expertise that you bring is 
significant.
    Ms. Lee, in your testimony, you have both stated and 
alluded in your comments that for many, the benefits of doing 
business with government are not sufficient to offset the 
associated risks. And, you know, that is precisely the 
environment we don't want to create. We want to try to solve 
problems with industry and innovation, but it becomes too 
difficult to work with government.
    But you also mentioned criminalizing commerce. Can you give 
some examples of that?
    Ms. Lee. We treat every--people are going to make 
transactions, they're going to make tradeoffs, they're going to 
make decisions. We treat many decisions when something goes 
wrong as if it's a very nefarious action. You think about from 
an industry standpoint when I was in industry an error on a 
bill or a billing error can carry with it treble damages, and 
each invoice is counted as a separate act. It's oppressive.
    I'm all for ethics, integrity, and good governance, but 
putting so much fear in the system that we scare away not only 
good partners but good people, we've got to look at what really 
business transaction we're trying to achieve and how we can 
make sure that the system is fair but not so onerous that 
people can't or won't participate.
    Mr. Russell. Who would make that determination to provide 
that type of latitude? Is that something statutory or is that 
something that we give the judicial branch latitude? Or what is 
the fix, really anybody?
    Ms. Lee. That's what we're digging into, and very--too 
early for me to speak for my 18 commissioners, but we do need 
to look at ----
    Mr. Russell. Well, you raise an excellent ----
    Ms. Lee. Purpose?
    Mr. Russell.--point. Right.
    Ms. Lee. Process. We need to look at some of the oversight 
process. We need to look at some of the audit process. I will 
give you a personal example. When I was up and coming in 
acquisition, the auditor was my friend. I went to them and said 
can you ----
    Mr. Russell. The auditor is ----
    Ms. Lee.--help me?
    Mr. Russell.--never your friend, Ms. Lee, right?
    Ms. Lee. Yes.
    [Laughter.]
    Ms. Lee. You know, can you help me get this right? We had 
internal auditors. Now, that is all changed, and the people 
trying to do the right thing are staying a mile away ----
    Mr. Russell. Sure.
    Ms. Lee.--from the auditor.
    Mr. Russell. Yes. Well, and, you know, like we often joke, 
nothing is so hard at government that we can't make harder, and 
I think we see an example of that.
    You also spoke to the effect of going bold and that to do 
otherwise is to put our military's mission at risk. Could you 
explain and elaborate a little bit more on the impacts of the 
mission? I mean, Mr. Hodgkins also talked about, you know, 
using eight-inch floppy disks for our nuclear defense, you 
know. Gosh, I guess that is one way to be secure from cyber 
warfare as we use systems that nobody has anymore, you know, 
they don't know how to acquire. But, you know, these are some 
of the problems. But would you care to speak a little bit to 
that?
    Mr. Hodgkins. Well, the systems that you're discussing, we 
shouldn't jump to judgment that all the systems we have in 
place need to be replaced. That's not the case. We do connect 
systems that were never designed to be plugged into the 
internet to the internet, and that creates vulnerabilities. But 
there's different systems with different mission needs, and we 
have to look at it. That's why I suggested that we need to do 
that inventory. And then we can figure out exactly what 
everyone owns and what they're using it for, what software it's 
running, what is the mission need, and it also will lend itself 
to identify solutions about we need to modernize this and we 
need to leave that one in place.
    Mr. Russell. I appreciate that. And, you know, on this 
committee all of us are really dedicated to that. In fact, it 
was this committee, Mr. Cartwright and myself, that authored 
the MEGABYTE Act, you know, that gave latitude to agencies to 
be able to use suites of software rather than buy entire 
packages for portions that weren't being used. I don't know if 
that has had any impact or not, but, you know, it seemed like a 
no-brainer. And, you know, by all estimates it was supposed to 
save $4 billion.
    And so I understand maintaining legacy systems if they're 
in a unique niche that really--you know, you don't want 
anything else to share, but is that the approach that we want 
to take when we can consolidate--the CIOS--if you were to read 
Senator Cohen's testimony, I mean, it sounds like today--Mr. 
Spires?
    Mr. Spires. Well, yes, Mr. Russell. I would weigh in here 
that--back to my point about going bold. I mean, I have said we 
need to go bold on IT infrastructure in a big way. You know, I 
ran the systems at IRS for a while. I was the CIO there. And, 
you know, we're not going to replace tens of millions of lines 
of COBOL code any time soon. That stuff's going to continue to 
run. But what we can do is modernize the infrastructure that 
that stuff runs on, move much more to the cloud infrastructure 
because the security models are there now. And I think we save 
a lot of money. We simplify a lot of things, which is a big 
part of the issue. We consolidate tremendously. And then you 
can go after and tackle these--a lot of these legacy 
applications that are really going to be very difficult to 
replace, you know, any time soon. But at least you're running 
on modern infrastructure. Your cybersecurity posture is much 
improved. So that's a go-bold approach.
    Mr. Russell. Thank you. And thank you, Mr. Chairman.
    Mr. Hurd. Thank you, Mr. Russell.
    The gentleman from the Commonwealth of Virginia, Mr. 
Connolly ----
    Mr. Connolly. Thank you, Mr. ----
    Mr. Hurd.--five minutes.
    Mr. Connolly. Thank you, Mr. Chairman.
    Ms. Lee, I have got to say you have added some bon mot to 
the Federal language. I mean, to refer to something as a 
Section 809 Panel-esque, not quite 809 but close, and then the 
auditor is your friend. I mean--well, I know, but just hearing 
that is sort of like--I am here from the government and we are 
here to help you. Anyway--but thank you. I appreciated very 
much your testimony, and it is great to see old friends at this 
panel.
    Mr. Powner, you were at an event the other day or maybe a 
hearing where you talked about some of the sunset provisions in 
FITARA that we need to address, and chief among which was, for 
me, the data center consolidation ----
    Mr. Powner. Yes.
    Mr. Connolly.--sunset provision, which for some strange 
reason closes the door in 2018 at the very moment we are 
finally beginning to make progress. Your recommendation?
    Mr. Powner. So I think clearly you need to extend that at 
least several years on data centers. And the reason I say that 
is if you look at optimization metrics, right, we want to save 
money, we want to optimize centers, only about a third of the 
24 departments and agencies will meet like four to five of the 
key optimization metrics. The other ones are self-reporting 
that they're going to be nowhere near that in 2018.
    So what does that mean? We need to give them a little more 
time to save money, to meet these optimization metrics. But I 
think there is a fundamental question--I agree with Mr. Spires 
on this--on infrastructure. We started this in 2010. It goes 
through 2018. If you extend it a couple of years to 2020, if 
you can't meet optimization metrics in 10 years, they should be 
out of the business. We should go to cloud solutions. I agree 
with Mr. Spires on that. Ten years is a long period of time, 
and at some point you got to say maybe you shouldn't be in the 
business of running data centers. Let's give them a chance to 
see what happens, but we need to think about that.
    Mr. Connolly. Ms. Lee, that sounds like going bold to me.
    Ms. Lee. Time matters.
    Mr. Connolly. Yes.
    Ms. Lee. We've come to the point where we've seen--as I 
said, we treat it like a valueless, endless commodity when, 
especially in technology, things turn so quickly, and yet we're 
content to make very lengthy contracts and very ----
    Mr. Connolly. By the way, we need you looking at FedRAMP. 
Time matters. It is supposed to be like six months and a 
quarter of a million dollars. It is now up to two years and $4 
or $5 million. You know, unacceptable and we are going to have 
to look at that at some point if they can't fix it 
administratively.
    Mr. Spires made a number of recommendations in terms of--
well, I think two recommendations in terms of adding to the 
scorecard. And, Mr. Powner, your reaction to those 
recommendations?
    Mr. Powner. Yes, I think, you know, his suggestion on the 
commodity--the way that we measure the commodity area, that's a 
potential--I mean, a lot of this, as you well know, it's based 
on available data. We're open to that.
    I do think, though, when you look at the Federal workforce, 
this was discussed earlier, I think assessing each agency on 
how they assess and address their Federal workforce needs, 
including the cyber area, that's key with the 2015 
Cybersecurity Act. I think that's another key area because it's 
also about the people and do we have the right people on board.
    Mr. Connolly. Yes.
    Mr. Powner. It's something we'll work with your committee 
on.
    Mr. Connolly. Unfortunately, we are running out of time 
because of votes, and I promised the chairman I would stick to 
five minutes. I am in fact sticking to three-and-a-half. I 
yield back the balance of my time.
    Mr. Hurd. You all saw it here first.
    [Laughter.]
    Mr. Connolly. No good deed goes unpunished in this city, 
you know?
    Mr. Hurd. Thank you all for being here. There has been 
probably four or five topics that--and just you all's quick 
comments that we can follow up with the scorecard. So thank you 
for that. And you have helped me--one of the things as we are 
looking at a project on what I have been calling the Cyber 
National Guard, one of the problems we have is what are the 
needs in the various agencies when it comes to the IT staff, 
right? What positions, you know, what certifications are they 
going to need in order to come straight in? And so having that, 
you know, addressing that need across the spectrum is 
important.
    Mr. Puvvada, a couple of questions for you. GSA maintains 
the schedule contracting, which accounts for more than $30 
billion in annual transactions. What do you see as the pros and 
cons in this system? And also, your company is no longer 
participating in the GSA schedule contracting. Can you talk 
about what led to that?
    Mr. Puvvada. Sure. So there is a benefit to having a 
standard set of offerings that could be leveraged across the 
government whether it is schedule for services or schedule for 
product. The problem comes with what Ms. Lee and Mr. Hodgkins 
talked about is onerous reporting requirements to have most 
favored pricing, which is very hard to do for global 
corporations that provide services and solutions that cross, 
you know, several industry sectors.
    What happens is there are particular elements of solutions 
that we offer, for example, similar to several other companies 
that there is no way to keep track of that. For example, the 
price we offer for a particular product is in the context of a 
bigger solution element. So we have no way of most often 
keeping track of the cost. So we chose not to participate on 
the product list because we would spend an inordinate amount of 
time reporting and keeping track of it and also I pick up on 
the decriminalization aspect, which is the penalties that are 
acquired are very onerous.
    So we'd recommend that GSA take a look at a more balanced 
approach in trying to look at it from the perspective of how 
could I get the innovation and get a good value for the 
government but not necessarily go to the level of detail that 
is required to provide reporting and be consistent about it and 
have a contextual understanding of how they're assessing the 
best price that they get.
    Mr. Hurd. I do copy. In your opening remarks you identified 
two entities that were examples of positive--the Procurement 
Innovation Lab in DHS and the HHS Buyers Club. Is that what you 
said ----
    Mr. Puvvada. Yes. Yes.
    Mr. Hurd.--Buyers Club? Can you talk to me about--you know, 
take 45 seconds, a minute and explain why you highlighted those 
two?
    Mr. Puvvada. So both of these organizations have a similar 
profile. So what the leaders within the organizations are doing 
is providing a--an innovation approach in contracting where 
they're allowing risk-taking and come up with a modular 
contract and best practices and giving air cover to the 
contracting officers and encouraging innovation and doing 
experimentation and really focusing on the outcomes as opposed 
to the products.
    So along with that comes recognition for people that do 
really well called a badge, Pell badge. So that is an 
important--along with, you know, rewards and recognition that 
becomes an important element, and that gets a lot of traction.
    So what we made the recommendation is that that be widely 
adopted and not a whole lot of management, you know, overhead 
that is required to take some of those kinds of things and 
encourage that risk-taking and cut down that contracting time 
is what Ms. Lee was talking about, taking two years to get a 
technology.
    Mr. Hurd. All right. Mr. Hodgkins, assessing inventory, it 
is crazy to me that every time we do another, you know, 
scorecard, we find a new database, we find a new server farm, 
we--you know, oh, wait, we actually have four connections to 
the internet and not two. Assessing inventory, why is it so 
hard and what--you know, this is something that we should--
every agency should be able to do in how many months?
    Mr. Hodgkins. Well, I mean, we would suggest--and we worked 
with your office and Ms. Kelly in particular last year around a 
concept to do inventory that, you know, the government can do 
this job in a relatively short order. There are some short time 
frames of a year or less for some of the actions in that 
proposal and suggestion.
    The challenge you have is that different agencies treat 
those requirements in different ways. Different people define 
and interpret requirements. We saw this with data center 
consolidation. The first rollout defined a data center as X, Y, 
and Z. well, agencies work to make sure their data centers 
didn't fit in that metric. And so the CIO's office or others 
would define that more explicitly, and agencies would then 
again work to exclude data centers to where we have square 
footage requirements trying to get at the guy who's running a 
server in a closet somewhere. So we have that kind of activity 
going on in the context of trying to expose some of this and 
drive toward data center consolidation. That's one example I 
can point to.
    And I think that we have to come up with incentives for the 
agencies to expose this information and then act effectively 
around what the agencies need to be doing with the directions 
and metrics that Congress and OMB would be setting.
    Mr. Hurd. That is helpful.
    And, Mr. Spires, final question for you. When we get MGT 
passed, what is going to prevent--what is going to get in the 
way of truly utilizing where a CIO can--when they doing 
something and they realize savings, what are going to be some 
of those barriers that CIOs are going to have in actually 
achieving what we are trying to do with MGT? Is that a fair 
question, sir?
    Mr. Spires. Yes, it is definitely a fair question. I guess 
a couple of points on that, I think you're going to find that 
many CIOs--I mean, this whole model that says we should be able 
to realize savings through efficiencies and reinvest, right, in 
more modernization. I think you're going to have a lot of 
issues with that, and that would include up to Congress and 
Appropriations Committees, right, because of the way the 
budgeting structure works. So you're going to have that set of 
issues that goes through OMB up to the Hill.
    You're also going to have a situation where--another big 
part of it that I really like is this idea of having these 
working capital funds so that you got some more budget 
flexibility for the IT organizations to be able to work. I 
mean, running major programs in my past, it was beneficial, 
like when I was at the IRS, to have three-year working capital 
fund money so that we could plan these projects out and have 
some assurance that we're going to have sustained funding. I 
think as long as the Appropriations Committees up here can work 
with the agencies to make sure that model works well, that's 
great.
    I don't think that's where the big problems are, though, 
Mr. Hurd. The big problems are still going to be back to the 
authorities issues back to, you know, the fact that--and it's 
in--and I always like to say it's not about the CIO owning 
everything. It's about the CIO working collectively with the 
mission owners, with the other CxOs to be able to effectively 
deliver IT.
    Mr. Hurd. And that is why we go forward with FITARA 
implementation we are going to have CIOs, CFOs, agency heads in 
front. You know, I know the White House is very committed to 
making sure that the agency heads understand the role of the 
CIOs and the CIOs have all the responsibility they need since 
we are going to hold them accountable. And that is something 
that has been very clear coming out of this White House, which 
I think is fantastic.
    I want to thank all of you for being here to appear before 
us today. There has been a lot of information that we can 
integrate into work that we are always doing in areas that you 
all talked about where we can continue to shine an additional 
light.
    So I ask unanimous consent that members have five 
legislative days to submit questions for the record. And 
without objection, so ordered.
    There is no further business. Without objection, the 
subcommittees stand adjourned.
    [Whereupon, at 3:21 p.m., the subcommittees were 
adjourned.]


                                APPENDIX

                              ----------                              


               Material Submitted for the Hearing Record
               
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
               
               
                                 [all]