[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
OVERSIGHT OF THE LIBRARY OF CONGRESS' INFORMATION TECHNOLOGY MANAGEMENT
=======================================================================
HEARING
BEFORE THE
COMMITTEE ON HOUSE
ADMINISTRATION
HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
FIRST SESSION
__________
JUNE 8, 2017
__________
Printed for the use of the Committee on House Administration
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available on the Internet:
http://www.gpoaccess.gov/congress/house/administration/index.html
_________
U.S. GOVERNMENT PUBLISHING OFFICE
27-632 WASHINGTON : 2017
____________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
Internet:bookstore.gpo.gov. Phone:toll free (866)512-1800;DC area (202)512-1800
Fax:(202) 512-2104 Mail:Stop IDCC,Washington,DC 20402-001
Committee on House Administration
GREGG HARPER, Mississippi, Chairman
RODNEY DAVIS, Illinois, Vice ROBERT A. BRADY, Pennsylvania,
Chairman Ranking Member
BARBARA COMSTOCK, Virginia ZOE LOFGREN, California
MARK WALKER, North Carolina JAMIE RASKIN, Maryland
ADRIAN SMITH, Nebraska
BARRY LOUDERMILK, Georgia
OVERSIGHT OF THE LIBRARY OF CONGRESS' INFORMATION TECHNOLOGY MANAGEMENT
----------
THURSDAY, JUNE 8, 2017
House of Representatives,
Committee on House Administration,
Washington, DC.
The Committee met, pursuant to call, at 10:02 a.m., in Room
1310, Longworth House Office Building, Hon. Gregg Harper
[Chairman of the Committee] presiding.
Present: Representatives Harper, Davis, Comstock, Smith,
Loudermilk, Lofgren, and Raskin.
Staff Present: Sean Moran, Staff Director; Kim Betz, Deputy
Staff Director/Policy and Oversight; Cole Felder, Deputy
General Counsel; Eric McCracken, Communications Director; C.
Maggie Moore, Legislative Clerk; Rob Taggart, Deputy
Legislative Clerk/Oversight; Jamie Fleet, Minority Staff
Director; Khalil Abboud, Minority Deputy Staff Director; Eddie
Flaherty, Minority Chief Clerk; and Meredith Connor, Minority
Staff Assistant.
The Chairman. I now call to order the Committee on House
Administration for the purposes of today's hearing, ``Examining
the Library of Congress'' Information Technology Management.''
The hearing record will remain open for 5 legislative days
so Members may submit any materials they wish to be included.
A quorum is present, so we may proceed.
I would like to thank our witnesses for taking time out of
their schedules to be with us today.
Dr. Hayden, thank you for returning. I know you testified
before this Committee earlier in the year on the Library of
Congress' priorities for 2017 and beyond.
And I thank Mr. Barton and Mr. Hyde for their appearances
before our Committee to discuss this important issue with us.
While IT management was briefly discussed at our hearing in
February, today's hearing will allow the Committee to receive
more detailed information on what the Library is doing to
improve their management of the Library's IT systems.
The Library of Congress serves many different
constituencies in many different capacities. The 11-month audit
resulted in 6 broad findings and 31 corresponding
recommendations to strengthen the Library's IT management.
According to GAO, the weaknesses included lack of strategic
planning, lack of processes related to investment management,
lack of processes related to acquisition management, weak
processes related to information security, and lack of service
to the Library's service units, such as CRS and the Copyright
Office, and a lack of leadership, including a chief information
officer.
Since GAO released its report, the Library has worked to
address these recommendations. To date, five recommendations
have been fully implemented to GAO's satisfaction.
For example, in 2015, the Library appointed Mr. Barton as
the new Chief Information Officer. Later, in 2016, Dr. Hayden
issued a memorandum directing all Library technology activities
be centrally coordinated through the Office of the Chief
Information Officer and be approved by the Library's Chief
Information Officer.
And most recently, the Library completed its IT strategic
plan. Finally, the Library has developed and implemented a
number of policies and processes to review IT investments as
well as inventory IT systems.
According to GAO, the Library has committed to closing
another 22 recommendations by the end of this year, a very
ambitious goal.
I look forward to hearing from all of our witnesses today
on these efforts, including understanding what support will be
available.
For example, there are many things that we will look at
today with the witnesses. And as we look at how things have
gone, I also want to point out a couple of other things before
we hear from Ms. Lofgren.
The Library of Congress serves as the largest Library in
the world, maintaining much more than 164 million items in its
collections. It houses a Copyright Office, which registered
more than 414,000 copyright claims in fiscal year 2016.
The Library is also home to the National Library Service
for the Blind and Physically Handicapped, which according to
the Library, in fiscal year 2016 provided 22 million copies of
braille and recorded books and magazines to more than 800,000
individuals.
These are just a few of the Library's roles and the
constituencies that they serve. As technology has advanced, the
Library's constituencies have changed the way that they consume
information. As a result, it has had to modernize its systems,
evolving its IT systems and processes to meet the needs of its
constituencies in a digital world.
However, these changes have not come without management
challenges. As far back as 1996, the Library had issues
managing its IT systems, and these are a part of our history.
And you look at what has happened in the past as we have gone
through these things, and we want to come to a point where we
address these challenges and these recommendations that have
been made.
So I would now like to recognize my colleague, Zoe Lofgren,
the gentlelady from California, for the purpose of providing an
opening statement.
Ms. Lofgren. Thank you, Mr. Chairman.
Mr. Brady was unable to be here this morning, so I am happy
to give the statement, his statement. We are thankful that this
hearing is being held and that we can hear from these wonderful
witnesses, and it is good to see them all.
Under the leadership of Dr. Hayden and now CIO Bud Barton,
we think the Library has made great strides in the IT area, and
that is really important.
We think about the Library in terms of its wonderful
collection, the beautiful building, the Copyright Office,
services for the blind, but none of that really functions well
if we don't have an adequate IT system. And as we know, we have
had deficiencies there for a long time.
The appointment of Mr. Barton has been a huge important
step forward. We are appreciative of that. The clearly defined
roles and responsibilities are just essential if we are going
to move forward successfully in the IT area.
It is my understanding that of the 31 recommendations made
by the GAO, all are either on schedule or ahead of schedule or
have been completed, which is really fabulous.
The Library, I think, has submitted their budget request
for fiscal year 2018, and in it they have requested increases
to their funding to support the continued IT modernization, and
I think we all need to support this request. It is an
investment in our future. The Library can't be expected to keep
pace with rapid technological changes if they are not resourced
to do so.
As I say, the Library is a world-class cultural
institution. It is something we are proud of. It is one of the
premier visitor attractions in this beautiful city. But the
behind-the-scene work of the IT people is essential.
So thank you, witnesses. Thank you, Dr. Hayden, for your
terrific leadership in this part of the Library and every
other. It is a pleasure to see you again.
And with that, Mr. Chairman, I know that there are no other
hearings commanding attention on the Hill today, so I will
yield back.
The Chairman. Well, as evidenced by the incredible number
of media representatives who are here to cover this hearing.
That is a great observation, Ms. Lofgren.
The gentlelady yields back.
Anyone else? Any other member care to make any opening
statements?
Mr. Raskin. Mr. Chair, I just wanted to welcome back to the
Committee Dr. Hayden. As the only representative of the Free
State here, I want to just commend Dr. Hayden on her leadership
and just reemphasize how proud everybody is in Maryland of what
you are doing in the Library of Congress. And, of course, we
had your leadership at the Enoch Pratt Library in Baltimore. So
I want to associate myself with the remarks of Ms. Lofgren and
welcome you back.
The Chairman. The gentleman yields back.
I would now like to introduce our witnesses. Dr. Carla
Hayden was sworn in as the 14th Librarian of Congress on
September 14, 2016. Her appointment to this position also
marked the first time in our Nation's Library that we have had
a woman and an African American.
Dr. Hayden is a librarian's librarian, dedicating her
entire career to pursuing the accessibility of libraries in
communities. In her short time leading the Library, Dr. Hayden
has already demonstrated her commitment to continuing the
tradition of collecting, preserving, and making available a
vast collection of educational resources and protecting those
collections for future generations.
The Committee welcomes you back, Dr. Hayden.
Mr. Bernard ``Bud'' Barton was named the Library's Chief
Information Officer on September the 8th, 2015. In his capacity
as CIO, Mr. Barton serves as the primary adviser to the
Librarian on all information technology matters, as well as a
voting member of the Library's Executive Committee. Prior to
his service at the Library, Mr. Barton was the Deputy
Administrator and Chief Information Officer of the Defense
Technical Information Center.
Welcome to you, Mr. Barton.
Our final witness is Mr. Kurt Hyde. Mr. Hyde is the current
Inspector General for the Library of Congress. As the IG, Mr.
Hyde is responsible for assessing the Library's operations.
Prior to serving as the Library's IG, Mr. Hyde served as the
Deputy Inspector General for audit and evaluations at the
Special Inspector General for Troubled Asset Relief Program.
Sounds a lot like TARP.
Welcome, Mr. Hyde.
Again, we thank each of you for joining us today. We look
forward to hearing your testimony. And the Chair will now
recognize for 5 minutes Dr. Carla Hayden for the purposes of an
opening statement.
Dr. Hayden.
STATEMENTS OF THE HONORABLE DR. CARLA D. HAYDEN, LIBRARIAN OF
CONGRESS; MR. BERNARD A. BARTON, JR., CHIEF INFORMATION
OFFICER, LIBRARY OF CONGRESS; AND MR. KURT W. HYDE, INSPECTOR
GENERAL, LIBRARY OF CONGRESS
STATEMENT OF CARLA D. HAYDEN
Ms. Hayden. Thank you. And good morning, Chairman Harper
and Members of the Committee. And thank you for allowing me to
provide testimony on information technology at the Library of
Congress. I want to express my gratitude for the support this
Committee and, in fact, the entire Congress gives to the
Library.
The Library's vision is to provide excellent service to
Members of Congress while providing free and equal access to
the public. When I envision the future of this great
institution, I see it growing in stature. And as its resources
are readily available for more people online, users will not
have to be in Washington, D.C., to access the Library's vast
resources and collections. Our hope is that everyone everywhere
will have a sense of ownership and pride in this national
treasure.
And now, nearly 9 months into my tenure, I continually
believe and am inspired by the depth and breadth of the
Library's collections and the expertise and commitment to
public service by its staff.
The Library continues to focus, with my direction, in
earnest on its information technology management challenges.
The Government Accountability Office, GAO, delivered reports to
the Library in 2015 that cited the need to improve the
institution's overall IT planning, management, and operations.
The Library Inspector General also delivered reports on IT
investment management and systems development.
Together, these reports offered dozens of specific helpful
policy and operational recommendations to the Library, and we
welcome these examinations and especially the constructive
guidance they provide. That knowledge and guidance has proven
critical to developing the dynamic state-of-the-industry IT
infrastructure and management the Library so sorely needs.
In the months since I took office, to better support these
priorities, we have taken important steps to strengthen
management and oversight within existing resources.
In November, I addressed the need to maximize value from
the Library's investment in technology by directing that all
technology activities be centrally coordinated through the
Office of the Chief Information Officer and approved by Mr. Bud
Barton, who now reports directly to me.
I have weekly meetings with Mr. Barton, who shares regular
updates on the progress being made in not only centralization,
but on the entire progress of IT modernization. IT
centralization is well underway and IT investment planning is
now monitored and coordinated Librarywide.
The enhancements in the IT infrastructure also allow us to
increase visibility and accessibility of the Library and its
programming to all of your constituents around the country and
to support modern applications for programs such as the
Veterans History Project mobile application. More and more
events are being livestreamed to schools and public libraries
across the Nation, and schoolchildren and teens from various
States are able to watch, listen, and even ask questions to
high-profile writers and authors.
Chairman Harper and Members of the Committee, the Library
is both America's first Federal cultural institution and part
of the innovative infrastructure of America. I thank you,
again, for supporting the Library.
And I would like to now introduce and have Mr. Bud Barton
and Inspector General Kurt Hyde give you more details about the
progress we have made.
[The statement of Ms. Hayden follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
The Chairman. Thank you, Dr. Hayden.
And we appreciate your testimony and look forward to
hearing more from you.
At this time, the Chair will recognize Mr. Bud Barton for 5
minutes for the purposes of an opening statement.
STATEMENT OF BERNARD A. BARTON, JR.
Mr. Barton. Good morning, Chairman Harper and Members of
the Committee. I am honored and humbled to appear before this
Committee this morning representing the Library of Congress as
its Chief Information Officer. I would like to start by
thanking each of you for your support to the Library and of our
IT modernization efforts.
In my short time at the Library, I have become an admirer
of our mission and work, and I am devoted to improving it. My
optimism is due in no small part to the dedicated and committed
staff at the Library, whose first priority is to provide
superior customer service for the Congress and for the American
people. I will focus today on steps we are taking to ensure
that priority is achieved.
As you know, the Library is working to implement
recommendations from the Government Accountability Office and
the Library's Inspector General regarding IT. I take their
recommendations very seriously and am confident that we will be
successful in addressing these concerns, resulting in highly
capable, agile, and customer-oriented IT services for the
Library of Congress and its customers.
So far, we have closed 51 of 74 nonpublic GAO
recommendations and 5 of the 31 public recommendations, and we
are making steady progress as noted earlier on the others.
Since my appointment in September of 2015, the Library has
made important changes at the leadership level to ensure that I
have the authority to implement positive change. The Librarian
recently directed all Library technology activities to be
centrally coordinated through the Office of the CIO.
In implementing this directive, the Library has promulgated
internal regulations, established roles and responsibilities
and other policies to ensure effective and efficient IT
management. Our plan for centralization follows current
industry best practices for streamlining IT governance,
investments, and resources. We recently updated the Librarywide
IT strategic plan to incorporate feedback from the Government
Accountability Office and the Library's IT Steering and
Executive Committees.
In addition, I am taking the lead on the Library's digital
strategy effort with full support and participation from my
colleagues. The digital strategy will address the Library's
vision for using technology to fulfill our mission.
We continue to improve the Library's IT investment
processes. For fiscal year 2018 we are incorporating technology
business management principles into our investment cycle. The
objective is to improve transparency, accountability, and IT
value delivery to meet business and mission goals.
Thanks to Congress' multiyear commitment to the Library's
data center migration, we are aggressively modernizing through
state-of-the-art offsite hosting environments that will provide
significant improvements in reliability, allow for scalability,
and enable greater focus on business applications across the
Library.
As confidential consultants to the Congress, administrator
of the national copyright system, and stewards of the Nation's
cultural history, the Library is well aware of the need to
ensure security of the digital content in our care.
Securing IT systems require proactive monitoring, testing,
incident management, as well as anticipation of future cyber-
based threats. We have created a dedicated information security
office staffed with true cybersecurity professionals to ensure
that the Library IT systems are secure. We received funding
during our fiscal year 2017 request to support this effort and
to implement multifactor authentication to further protect the
Library's network.
We are also active participants in the Legislative Branch
Cybersecurity Working Group, through which we are able to share
threat information knowledge about new technologies to improve
the legislative branch security posture.
While working to improve enterprise infrastructure and
processes, we continue to work with the Library's service units
on their specific systems and applications. These efforts will
help ensure that service units are able to rely upon a stable
IT infrastructure to meet their business needs and that the
Library has an actionable roadmap to enable patrons to access
services and information as seamlessly as possible.
Congress.gov, the official website for U.S. Federal
legislative information, has recently experienced record usage,
serving millions of unique visitors each month. LOC.gov pages
have recently been redesigned to emphasize the Library's
unparalleled collections and to highlight the Library's events,
exhibits, and staff expertise. This is the first step in
realizing the Librarian's goal for expanding discovery and use
of the fantastic resources available to all through the
Library.
In closing, the progress we have made over the last 18
months, along with my commitment to continuous improvement
moving forward, has set a foundation for outstanding IT service
to the Congress and the American people.
I appreciate this Committee's support and am happy to
answer your questions.
[The statement of Mr. Barton follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
The Chairman. Thank you, Mr. Barton.
The Chair now recognizes Mr. Hyde for 5 minutes for your
testimony.
STATEMENT OF KURT W. HYDE
Mr. Hyde. Chairman Harper and Members of the Committee,
thank you for the opportunity to testify on the progress the
Library of Congress has made in addressing its IT deficiencies,
challenges, and the work of the OIG in this area.
Since 2011, our semiannual reports to Congress have
consistently identified IT infrastructure as the top management
challenge for the Library. I have been the IG at the Library
since the summer of 2014. Our work over this time has
emphasized that a robust strategic plan is essential to the
Library's ability to efficiently and effectively fulfill its
mission and be nimble to meet changing customer demands.
We all recognize that an agency of the magnitude and
importance of the Library, whose very essence involves
collecting and conveying information, cannot succeed in the
information age without a highly functioning and leading-edge
digital infrastructure. Changes at the senior-most levels of
both Library leadership and IT management have resulted in
momentum toward developing the foundation for a stable
infrastructure.
In our 2009 report on IT strategic planning, we found
significant issues with the Library's strategic plan and
process, customer service problems, IT investments not linked
to the strategic plan, and an organizational structure that did
not foster good IT governance.
In 2015, both GAO and my office found similar IT management
issues as identified in 2009. For example, as a consequence of
not having a strong strategic plan, the Library's eDeposit
Program, which is the Library's program to collect electronic
works, was not effectively implemented. In our 2015 report, we
identified strategic planning, leadership, and governance
issues as causes for this.
Since 2015, three significant changes have occurred. First,
the previous Librarian disbanded the old structure and
organization and created an Office of the Chief Information
Officer. Secondly, management hired a qualified CIO to lead the
Library's IT reforms, and Mr. Barton has the experience and
technical qualifications required for this position. And third,
Dr. Hayden as a new Librarian shifted the lines of reporting so
that the CIO now reports directly to her.
In taking these actions, the Library complied with
longstanding government requirements and opened the door for
the CIO to, first, become more strategically prepared and,
secondly, to dramatically change how IT provides services. The
first will take time, and the second requires a laser focus on
day-to-day operations, and the CIO is making good headway in
this area.
As we have advised the Librarian and the CIO, a concurrent
task will be to staff the CIO's office with the knowledge,
skills, and capabilities critical to achieving these goals, as
well as to contract out for services to temporarily fill the
critical gaps.
For sure, it will be a challenge to do this and steady the
ship at the same time. Fortunately, the CIO has a very
effective deputy and has brought on broad some other critical
technical executives.
The CIO and his staff have over 100 audit recommendations
that will take time to adequately address. Our focus at this
point is to look at implementation and not create additional
recommendations at the macro level.
I want to get back to strategic planning for a moment,
because it is the crux of what will make or break the Library's
success in the digital age.
As we have said in our reports, the Library does not have a
strong track record in implementing its enterprisewide
strategic plan. The imperative for the Librarian and other
Library executives is to put together a strategic plan and
implement it in a deliberate and timely manner.
This is no easy task. Once executed, it will require top-
most executives to constantly monitor the various units'
implementation and will require changes in the Library's
governance and reporting. The Library has taken the steps of
hiring a strategic planning officer to help implement this.
The plan's key components must include a comprehensive
digital services strategy and an understanding of its customer.
Presently, the Library has neither.
The Library and its CIO need a coherent, overarching
strategy that interconnectivity and customers' needs. Such a
strategy must have a good grounding of what that needs to look
and feel like from a customer's perspective, be it a Member of
Congress receiving a CRS report, e-commerce solutions for
copyright, or pushing research out and making it available to
the research community.
Great challenges lie ahead for the Library. Senior
management's commitment to change and the positive movement we
have seen in recent years makes us hopeful that the Library is
on the right course.
Thank you for the opportunity to address this Committee,
and I would be happy to answer any questions.
[The statement of Mr. Hyde follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
The Chairman. Thank you, Mr. Hyde.
We appreciate each of you giving us your testimony, and we
will look forward to questions now.
And, obviously, we all know how the timing device works, so
I am going to recognize myself now for 5 minutes of questions.
The first question that I have, really, Mr. Hyde, you just
mentioned that the Library of Congress had hired someone to do
the strategic planning. Who is that person?
Mr. Hyde. That is Diane Haughton.
The Chairman. Okay.
Mr. Hyde. And she has extensive experience in that area.
She has started up the risk management process as well as
assisting and helping the Librarian implement the envisioning
process.
The Chairman. And as the IG, are you satisfied, then, with
her qualifications and with the effort she thus far is making?
Mr. Hyde. I am. She is very qualified.
I think one of the things that you had mentioned in your
opening statement was is there necessary support available. And
I think that the Library, and we have talked about this with
both the Librarian and the CIO, is that they need to hire
contract support for this. They need to bring in a qualified
firm to help them with the digital services strategy as well as
an enterprisewide strategy.
The Chairman. Okay. Now, I think it is pretty ambitious,
obviously, and that is good, trying to close these
recommendations. What are the challenges or barriers or
opportunities, perhaps, that your office anticipates for the
Library to close each of the remaining 26 recommendations?
Mr. Hyde. I think it is time. When the CIO first came on
board as well as before the new Librarian came on board, I met
with the then Chief of Staff, Robert Newlen, who is now the
Deputy Librarian, and I said, these are not quick fixes, these
are 3 to 5 years it will take to implement many of these
recommendations, and just do it at deliberate speed and
grouping them in a very logical way.
The Chairman. Okay. So the report was that there would be
an attempt to close out 22 of those 26 remaining before the end
of this year. Is that likely, or are these ones that can be
done in that period of time?
Mr. Hyde. Well, I think the GAO recommendations, I think
they have been working with GAO on a regular basis, weekly
meeting with GAO to close those. And some of these can be
closed relatively quickly, and that is like putting in the
right structure.
The Chairman. Sure. And so if that happens, and if my math
doesn't fail me, there are 26 left; we do 22 of them by the end
of the year, that leaves 4 of the recommendations to be
completed. And are those ones that you are saying would take
years to do?
Mr. Hyde. For ours, I think that you have the strategic
planning element, the cost controls that are needed, the
identification of the right infrastructure, the server
infrastructure that is needed, cloud decisions, for example,
that would take longer. But the others can be relatively
quickly.
The Chairman. Mr. Barton, if I could ask you, as we look at
this, would you talk about your plans to address those
remaining GAO recommendations? Your testimony highlights
changes the Library is making. But talk about the steps the
Library is making to fulfill those recommendations. Just give
us some specifics there.
Mr. Barton. Yes, sir. The Deputy CIO and GAO counterpart
meet on a weekly basis to discuss the outstanding GAO
recommendations. We are very confident that the target dates we
have set we will meet.
Although, I would like to say that the primary goal from my
perspective is not just to close the recommendations. The
recommendations are great, and they are a good roadmap. My
intention is that we take those recommendations and view them
as an opportunity to get ahead of future issues, right?
So this is not a check the box, get the recommendations
closed issue that I am trying to address. It really is setting
the Library up for success in the future, not just to get to
the recommended goals.
The Chairman. So not necessarily to check the box and say
it is done, but to make sure you have done that but you
continue for the future to make sure that we don't get into
another situation with many recommendations that need to be
done?
Mr. Barton. Yes, sir.
The Chairman. Okay. That is great.
And I realize my time is almost up. So at this point, I
will now recognize the gentlelady from California, Ms. Lofgren,
for 5 minutes for questions.
Ms. Lofgren. Thank you very much.
Mr. Barton, after you were hired and Mr. Mao became the
acting Librarian, you both started working together and
redefining the Office of the CIO and consolidating IT. Were
there particular units or personalities that were opposed to
some of your proposed modernization and centralization plans?
Mr. Barton. Thank you for the question, ma'am.
Opposed may be a stronger word than I would use. Many of
the service units have some concerns. They, and rightfully so,
are very mission focused, and the Library's track record on
supporting those missions is mixed.
I have committed to each of the service units that they
will not experience a degradation in IT services as we
implement this centralization and that we will allow them to
spend more of their time on their mission-oriented IT needs and
less time on the general day-to-day IT requirements that any
organization has, in email and word processing----
Ms. Lofgren. So is it your view at this point that,
basically, everybody is on board with the plan?
Mr. Barton. Yes, ma'am, it is my view. And I have regular
meetings with each of the service unit heads, and each one of
them has expressed the desire to make this be successful. There
are still remaining concerns that we are addressing on a weekly
basis.
Ms. Lofgren. That is great news.
In your testimony, you indicated that you are working with
the Copyright Office to rework their IT modernization plan.
That is really important to my district. We have large software
and small software companies that rely on the Copyright Office
and are desperate that the modernization has not yet been
accomplished.
The first version of the plan failed to consider the work
being done in the Library, as I understand it. Was that a
mistake?
Mr. Barton. I think it missed an opportunity to take
advantage of existing IT infrastructure and the ability for
focusing specifically on mission requirements as opposed to
infrastructure requirements.
Ms. Lofgren. So at this point it is my understanding that
the Copyright Office's modernization plan will leverage and
coordinate with the Library's organizationwide strategic plan.
Will that save money compared to the other plan?
Mr. Barton. I anticipate that it will. I would like to say
that we are having weekly meetings with the Copyright Office
now to discuss how we are going to modernize their actual
modernization plan. That is being very productive.
Ms. Lofgren. Good.
Mr. Barton. We are making good progress.
Ms. Lofgren. Is it going to save time, you think?
Mr. Barton. I would be very surprised if it did not save
time.
Ms. Lofgren. Good.
What kind of impact, if any, does not having a permanent
Register have on the progress that you are making?
Mr. Barton. It would be hard for me to judge that.
Ms. Lofgren. Okay.
Mr. Barton. But I would say that the current Register and I
meet twice a month.
Ms. Lofgren. The Acting Register.
Mr. Barton. And we are having very detailed discussion
about her needs and how we can use IT at the Library to meet
those needs. I feel that as long as she feels empowered to make
decisions, that we will be successful going forward. That would
be a question she----
Ms. Lofgren. Okay. Maybe I should ask Dr. Hayden.
It was my understanding that your plan was to post the
Register of Copyright's opening on the USAJOBS site last April
with a plan to hire in 60 days, but I don't think the opening
was ever posted.
What caused the delay in hiring the Register? And what kind
of impact does not having an appointed Register have, do you
think, on the Copyright Office's ability to modernize? It is
very important that that proceeds.
Ms. Hayden. The Library has worked directly with Congress
on the Register position, and at this point the search and the
process for having a permanent Register has been suspended. And
in the interim----
Ms. Lofgren. Because of the bill that passed the House?
Ms. Hayden. It is a congressional decision. And in the
interim, we have worked--and I want to say and echo what Mr.
Barton said about working with the Acting Register on making
sure that we continue the momentum on modernizing the office
and the processes. That is critical, and that needs to happen
regardless.
And so we have taken the lead, basically, on making sure
that that continues while we wait for Congress to make a
decision on the----
Ms. Lofgren. My time is up, but I am glad to hear that we
are just proceeding and making the decisions in the absence. I
think the bill was a mistake, as I said publicly, but the fact
that it passed the House doesn't mean anything. I mean, most of
the bills we send to the Senate die there. So I am hoping that
we don't mess up the modernization effort in that key element
of the Library, and I am very, very reassured by your comments,
Dr. Hayden.
Ms. Hayden. Thank you.
Ms. Lofgren. And I yield back.
Mr. Davis [presiding]. Thank you. I completely agree with
my colleague. Many things we pass just do die in the Senate.
But I do want to say thank you to Dr. Hayden. And I
appreciated your responses to Ms. Lofgren's questions,
especially about respecting what may or may not happen in this
institution. Your willingness to work with us here in this
Committee on issues that are related to infrastructure
inventory, IT today, and also your willingness to work with us
on issues that may have jurisdiction in other Committees that
members may serve on has been a breath of fresh air for me.
Personally, it has been great to get to know you. I look
forward to continuing to work with you to address some issues
that are in my district that you are very familiar with because
of your time spent in my district too.
So thank you very much for your responses.
Ms. Hayden. Thank you.
Mr. Davis. I am going to actually not ask you any
questions. I am going to go to Mr. Hyde instead.
Ms. Hayden. Okay.
Mr. Davis. But thank you, Dr. Hayden.
Mr. Hyde, I think you are probably more appropriate to
answer the question that I have. It is really about inventory.
Before you can set a strategic plan to continue to buy and
upgrade new products, I guess we have to make sure that we have
an inventory of the products that were already purchased and
used and may or may not still exist within the Library to make
sure we got it right. That is something that I think many
Member offices forget to really truly manage, and there comes a
time when they have to get their inventory straight too.
You have much more and a much larger inventory than each of
us do as Members of Congress, but that is why we in the House
and this Committee, in particular, have really tried to strive
to put together a Leg. branchwide purchasing operation, so that
institutions like yours that have a larger facility, larger
needs, can also take advantage of better systems.
So I want to ask you, Mr. Hyde, how would you assess the
state of inventory management and capacity planning at the
Library right now?
Mr. Hyde. I think there are two components to that. One is
from an IT perspective, and that, I think, that the CIO's
office is getting their arms around. That was one of the issues
that GAO brought up and that we brought up a while ago.
Mr. Davis. So GAO, if you don't mind me interrupting, had
identified 18,000 computers, and you really only had physically
about 6,500?
Mr. Hyde. Right. And Mr. Barton can answer the specifics on
this, but I think that that is correct. There is a challenge
between the recordkeeping and the actual inventory and what
things have been that are old and not used and not needed
anymore. And I think that that is what was the challenge at the
Library.
Mr. Davis. Does your disposed inventory go to the GSA?
Mr. Hyde. No, I think there is a--I don't know that answer.
I can get that to you. But I think there is flexibility on what
they can do with the inventory.
Mr. Davis. Okay. What steps has the Library taken to more
accurately account for the IT resources?
Mr. Hyde. Right. Well, he has a team. As a matter of fact,
they have been recently just talking to me about different ways
to efficiently record that inventory. And so they are taking
action and they are trying to get their arms around it. And
also determining the smaller pieces, do we really spend our
time on the smaller pieces versus the larger elements, and they
are working towards it.
Mr. Davis. Mr. Barton, do the current regulations and
processes for acquisition management allow your office to
acquire the needed IT services effectively and easily?
Mr. Barton. Easily would be a matter of----
Mr. Davis. Well, nothing is ever easy in acquisition,
unfortunately.
Mr. Barton. Exactly. So we have not had any circumstances
where we have not been able to get the items or services,
equipment, that we need. There is always room for improvement
in those types of processes. But I am satisfied with the
current acquisition process with the Library.
Mr. Davis. To what extent will the GAO recommendations
improve or hinder that effectiveness?
Mr. Barton. There have been several suggestions and
implemented suggestions from the GAO primarily regarding
contract phrasing, required clauses within contracts, dealing
with security, dealing with the ownership of data or property
of the government whenever we enter into contracts. So that was
a very practical help from the audits.
Mr. Davis. All right. My time is running out, so I have a
couple of quick questions to ask you, Mr. Barton.
How soon do you anticipate closing recommendations related
to this area in the GAO study?
Mr. Barton. I will have to take that for the record, sir,
but we do expect that we will be closing the vast majority by
the end of this calendar year.
Mr. Davis. Okay. How are you using the Legislative
branchwide acquisition process?
Mr. Barton. That is a very good question. We are using Leg.
branchwide acquisition capabilities whenever it is possible and
makes sense for us. In fact, most of the contracts that we are
writing ourselves these days are open for the rest of the
Legislative branch to use.
Mr. Davis. Well, thank you. My time has expired. And I have
to go to another hearing, so Mr. Loudermilk is going to take
over and ask his questions from here.
Thank you very much.
Mr. Barton. Thank you.
Mr. Loudermilk [presiding]. I apologize for the delay with
the change there. It was unexpected. But I now recognize myself
for 5 minutes for questions.
Mr. Barton, I want to talk and continue the conversation we
were having about the GAO report, which was, I guess, published
in March of 2015. Is that correct?
Mr. Barton. Yes, sir.
Mr. Loudermilk. Specifically on the 10 items or
recommendations made regarding information security--or
management, the information security management-- to date, from
what it appears, is only 1 of the 10 recommendations has been
completed. Is that correct?
Mr. Barton. Of the public recommendations, yes, sir.
Mr. Loudermilk. Okay. And 5 of those, number 20, 21, 23,
26, and 28, were actually scheduled to be completed in December
of 2016. What is the delay on those and what is the status?
What is the new estimated date of completion of those items?
Mr. Barton. So I will take for the record the actual new
estimated completion dates. I do not have that information
right at my fingertips.
[The information follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Barton. In general, the reason that we have delays from
originally scheduled dates, twofold. Either we get into the
fixing of those recommendations and determine that it was much
more difficult or complex than what we anticipated or the
Government Accountability Office has determined that they need
to have more details than what we have provided on the initial
submission.
It is very much an interactive process with the GAO and the
Library. What may not be known is that their actual audit was
the broadest audit that they had ever done for any organization
across the Federal Government. And so there are many details
that have to be worked out, and we have very ongoing
conversation on correcting those issues.
Mr. Loudermilk. Okay. Of course, our concern has been there
has been quite a good amount of time that has transpired since
March of 2015 even till the completion date that was estimated
of December 2016. Now we are in June of 2017. And some of those
are pretty critical items, such as ensuring that everyone that
has access to the IT system has their required training and
documented. So some of those seem pretty important to get done
as quickly as possible.
Let me transition over to another incident that happened at
the Madison Data Center, when there was an issue. You
experienced some system outages. But a decision was made not to
fall over to the backup facility. Why did you decide not to go
to the backup facility in that incident?
Mr. Barton. That was actually the week I started at the
Library.
Mr. Loudermilk. Okay.
Mr. Barton. So that was a good welcoming package. And as
Mr. Hyde noted, I have a very capable deputy, who is sitting
behind me today, and she was on top of this issue to begin
with.
Without going into too much detail, there were security-
related concerns, which prevented us from being able to switch
over to our alternate computing facility.
Mr. Loudermilk. Okay. Have those security concerns been
addressed and resolved?
Mr. Barton. Yes. And as a matter of fact, we conducted the
largest fail-over exercise this past year, and we took all of
the critical systems for the Library and failed them over to
the alternate computing facility with the security requirements
in place, and we were functioning as we should be.
Mr. Loudermilk. And so the fail-over was successful?
Mr. Barton. Yes.
Mr. Loudermilk. Was there any significant delay in the
fail-over? So if we were to have another incident today, we
would be able to fail-over to the alternate facility without
any disruption of service?
Mr. Barton. Yes, sir.
Mr. Loudermilk. Okay.
Back in July of last year, coming up on a year, the Library
had a denial-of-service attack, which, of course, disrupted the
services and the websites. What has been taken to protect
against these denial-of-service attacks and other related
service interruptions?
Mr. Barton. As you are aware, the cyber threat is
constantly evolving. We have procured services that allow us to
mitigate significant volume of denial-of-service attack.
Without going, again, into too many details on the security
side of things, we are confident that for any significant
anticipated type of volume of attack, we have put in place the
procedures and services that allow us to mitigate those
concerns.
Mr. Loudermilk. Okay. My time is expiring, and if you could
get back with the Committee on the new dates on the information
security management, of the 10, of what those anticipated dates
are, it would be appreciated.
Mr. Barton. Yes, sir.
The Chairman [presiding]. I want to thank each of you for
your testimony.
I have a follow-up question, Mr. Barton, if I could ask.
How are you establishing actual business requirements and
the appropriate level of service needed to meet those
requirements? For example, key systems, like Congress.gov and
copyright customer facing systems, should have very high
expectations while others might need less.
Mr. Barton. Thank you, sir. As you may or may not be aware,
there are standards established by the NIST, National Institute
for Standards and Technology, that we follow. And we are really
involved with the organization that requires the services.
For example, the Copyright Office has their eCO system that
it uses for registration, and Copyright would be the
determining organization as to what is the level of service
that is required for their capability. The same with the CRS.
So we understand that whenever Congress is in session, CRS has
to be functioning.
So we look at each application on a case-by-case basis, and
we have, essentially, a checklist that we go down. And we ask
the system owners, do you need this type of capability and
response time?
So it is a very integrated approach, collaborative with the
organization that is providing the capability, and I think it
is working out fairly well at this point. We still are dealing
with a lot of legacy concerns that we are addressing as quickly
as we can.
The Chairman. How do you measure that performance, not only
on meeting not only the service end user expectations, how do
you measure that?
Mr. Barton. That is an ongoing development effort for us.
We do have a service desk where people call, and they will open
up tickets, and we ask them to evaluate how they are satisfied
with the service that they receive. That has always been, at
least in my tenure, a fairly positive experience. The vast
majority, over 95 percent of the responses we receive, are very
positive. So that is one way we measure them.
Another way that we are looking at, and we have a service
management process that we are implementing for the Library
that deals with across the board spectrum of all IT services,
and that will establish service level agreements within our
service catalogue, which will be automated, how we monitor
those based on server up times, response time to request for
Web services, those types of things. So both a combination of
asking the recipient of the service and monitoring the
automated systems so that we can establish what is our baseline
and then improve the performance from the baseline.
The Chairman. Thank you.
And in light of that, Ms. Lofgren, do you have any follow-
up questions?
Ms. Lofgren. No.
The Chairman. I had one last quick question for you, Dr.
Hayden, before we stop. How do you recognize employees who go
above and beyond? Is there some way that you do that?
Ms. Hayden. The first person that, I must say, I would
recognize immediately would be Mr. Barton and commend him for
the work he has done. During my confirmation hearing, I
mentioned Mr. Barton assuring me that technology would not be a
problem, and that has been borne out.
And so recognition comes, of course, for the entire staff
in many ways, sometimes actual additional compensation in
various forms, but definitely recognition and holding them up.
And there are award programs that I have participated in where
people are recognized.
The Chairman. I now recognize Ms. Lofgren.
Ms. Lofgren. Not a question, just an observation.
Obviously, the Library is a very big operation. There are
hundreds of employees. You know, morale in the past has been a
problem. But I have just had random Library employees come up
to me and really express great pride and satisfaction in the
work they are doing, and I think it is a real credit to your
leadership, Dr. Hayden. I wanted to share that with you. And I
think the fact that so many employees are happy and full of
pride in their work and come up and tell a Member of Congress,
that actually speaks to a lot about what you are doing. So
thank you for it.
And I will yield back.
The Chairman. The gentlelady yields back.
In light of what I think is some good progress and what we
are trying to accomplish, I would anticipate we will revisit
this issue maybe early next year, since we have a lot of these
recommendations that we are working on, and kind of measure
where we are at that point.
Without objection, all members will have 5 legislative days
to submit to the chair additional written questions for the
witnesses, which we will forward and ask the witnesses to
respond as promptly as they can so that their answers may be
made a part of the record.
Without objection, the hearing is adjourned.
Ms. Hayden. Thank you.
[Whereupon, at 10:53 a.m., the Committee was adjourned.]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]