[House Hearing, 106 Congress] [From the U.S. Government Publishing Office] ESTABLISHING A FEDERAL CIO: INFORMATION TECHNOLOGY MANAGEMENT AND ASSURANCE WITHIN THE FEDERAL GOVERNMENT ======================================================================= HEARING before the SUBCOMMITTEE ON GOVERNMENT MANAGEMENT, INFORMATION, AND TECHNOLOGY of the COMMITTEE ON GOVERNMENT REFORM HOUSE OF REPRESENTATIVES ONE HUNDRED SIXTH CONGRESS SECOND SESSION __________ SEPTEMBER 12, 2000 __________ Serial No. 106-261 __________ Printed for the use of the Committee on Government Reform Available via the World Wide Web: http://www.gpo.gov/congress/house http://www.house.gov/reform U.S. GOVERNMENT PRINTING OFFICE 74-562 WASHINGTON : 2001 _______________________________________________________________________ For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: (202) 512-1800 Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001 COMMITTEE ON GOVERNMENT REFORM DAN BURTON, Indiana, Chairman BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California CONSTANCE A. MORELLA, Maryland TOM LANTOS, California CHRISTOPHER SHAYS, Connecticut ROBERT E. WISE, Jr., West Virginia ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York STEPHEN HORN, California PAUL E. KANJORSKI, Pennsylvania JOHN L. MICA, Florida PATSY T. MINK, Hawaii THOMAS M. DAVIS, Virginia CAROLYN B. MALONEY, New York DAVID M. McINTOSH, Indiana ELEANOR HOLMES NORTON, Washington, MARK E. SOUDER, Indiana DC JOE SCARBOROUGH, Florida CHAKA FATTAH, Pennsylvania STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland MARSHALL ``MARK'' SANFORD, South DENNIS J. KUCINICH, Ohio Carolina ROD R. BLAGOJEVICH, Illinois BOB BARR, Georgia DANNY K. DAVIS, Illinois DAN MILLER, Florida JOHN F. TIERNEY, Massachusetts ASA HUTCHINSON, Arkansas JIM TURNER, Texas LEE TERRY, Nebraska THOMAS H. ALLEN, Maine JUDY BIGGERT, Illinois HAROLD E. FORD, Jr., Tennessee GREG WALDEN, Oregon JANICE D. SCHAKOWSKY, Illinois DOUG OSE, California ------ PAUL RYAN, Wisconsin BERNARD SANDERS, Vermont HELEN CHENOWETH-HAGE, Idaho (Independent) DAVID VITTER, Louisiana Kevin Binger, Staff Director Daniel R. Moll, Deputy Staff Director James C. Wilson, Chief Counsel Robert A. Briggs, Clerk Phil Schiliro, Minority Staff Director ------ Subcommittee on Government Management, Information, and Technology STEPHEN HORN, California, Chairman JUDY BIGGERT, Illinois JIM TURNER, Texas THOMAS M. DAVIS, Virginia PAUL E. KANJORSKI, Pennsylvania GREG WALDEN, Oregon MAJOR R. OWENS, New York DOUG OSE, California PATSY T. MINK, Hawaii PAUL RYAN, Wisconsin CAROLYN B. MALONEY, New York Ex Officio DAN BURTON, Indiana HENRY A. WAXMAN, California J. Russell George, Staff Director and Chief Counsel Ben Ritt, Professional Staff Member Bryan Sisk, Clerk Trey Henderson, Minority Counsel C O N T E N T S ---------- Page Hearing held on September 12, 2000............................... 1 Statement of: Atkinson, Robert D., director, technology & new economy project, Progressive Policy Institute...................... 180 Doll, Otto, Commissioner, Bureau of Information & Technology, State of South Dakota, president, National Association of State Information Resources Executives..................... 129 Flyzik, Jim, Deputy Assistant Secretary, Information Systems, Chief Information Officer, U.S. Department of the Treasury, vice chairman, Chief Information Officers Council.......... 114 Ink, Dwight, president emeritus, Institute of Public Administration, former Assistant Director for Executive Management, Office of Management and Budget (1969-1973).... 212 Katzen, Sally, Deputy Director for Management, Office of Management and Budget...................................... 6 McClure, David, Associate Director, Governmentwide and Defense Information Systems, U.S. General Accounting Office 17 Rummell, Paul E., president and chief executive officer, RLG Netperformance Inc., former chief information officer for the Government of Canada................................... 173 Scherlis, William L., principal research scientist, School of Computer Science, Carnegie Mellon University............... 210 Letters, statements, etc., submitted for the record by: Atkinson, Robert D., director, technology & new economy project, Progressive Policy Institute, report entitled, ``Digital Government, the Next Step to Reengineering the Federal Government,''...................................... 183 Doll, Otto, Commissioner, Bureau of Information & Technology, State of South Dakota, president, National Association of State Information Resources Executives, prepared statement of......................................................... 132 Flyzik, Jim, Deputy Assistant Secretary, Information Systems, Chief Information Officer, U.S. Department of the Treasury, vice chairman, Chief Information Officers Council, prepared statement of............................................... 118 Ink, Dwight, president emeritus, Institute of Public Administration, former Assistant Director for Executive Management, Office of Management and Budget (1969-1973), prepared statement of...................................... 215 Katzen, Sally, Deputy Director for Management, Office of Management and Budget, prepared statement of............... 10 McClure, David, Associate Director, Governmentwide and Defense Information Systems, U.S. General Accounting Office, prepared statement of.............................. 19 Rummell, Paul E., president and chief executive officer, RLG Netperformance Inc., former chief information officer for the Government of Canada, prepared statement of............ 175 ESTABLISHING A FEDERAL CIO: INFORMATION TECHNOLOGY MANAGEMENT AND ASSURANCE WITHIN THE FEDERAL GOVERNMENT ---------- TUESDAY, SEPTEMBER 12, 2000 House of Representatives, Subcommittee on Government Management, Information, and Technology, Committee on Government Reform, Washington, DC. The subcommittee met, pursuant to notice, at 10 a.m., in room 2154, Rayburn House Office Building, Hon. Stephen Horn (chairman of the subcommittee) presiding. Present: Representatives Horn, Davis, and Turner. Staff present: J. Russell George, staff director/chief counsel; Randall Kaplan, counsel; Ben Ritt, professional staff member (GAO); Bonnie Heald, director of communications; Bryan Sisk, clerk; Elizabeth Seong, staff assistant; George Fraser, intern; Trey Henderson, minority counsel; and Jean Gosa, minority assistant clerk. Mr. Horn. A quorum being present, this hearing of the Subcommittee on Government Management, Information, and Technology will come to order. While we're having you all stand why don't we take the oath of office, as you know, for your testimony. [Witnesses sworn.] Mr. Horn. The clerk will note that all of the witnesses have affirmed the oath. I'll now make an opening statement, followed by the ranking member, the gentleman from Texas, Mr. Turner; and then we'll go down the line. I might say to you what we said to the witnesses yesterday, you put wonderful statements in before us. We and the staff have had a chance to read it; and we're very grateful to you for--especially some of the ones that are out of town here. I think with the CIOs at the States that was very useful information. But we'd like you to summarize it in 5 minutes. Because what we want is a dialog here between the Members and between you. That way we get the best information out of it. So try to think about what are your key points after we start the opening statement. Yesterday, this subcommittee examined the government's efforts to protect its computers and the sensitive information they contain. We heard testimony from the General Accounting Office that widespread deficiencies in computer security exists at a large number of Federal departments and agencies. Some of the problems include poor implementation of policy and procedures and the lack of a coordinated security program among the departments and agencies. Within recent memory two government agencies, the Federal Aviation Administration and the Internal Revenue Service, wasted more than $7 billion on huge new computer systems that were ultimately scrapped because they could not deliver the services that it promised. Taxpayers cannot afford to have those management mistakes and the flagrant losses repeated. We will examine two bills today that would establish a Federal Chief Information Officer and centralize management of the government's vast information resources: H.R. 4670, introduced by the subcommittee's ranking minority member, Representative Jim Turner of Texas; and H.R. 5024, introduced by subcommittee member Representative Tom Davis from Virginia. I look forward to learning more about both proposals, and I'd like to welcome our witnesses today and look forward to their testimony. I now yield time for an opening statement from the gentleman from Texas, Mr. Turner. Mr. Turner. Thank you, Mr. Chairman. I want to thank you for allowing us to have this hearing on this issue that I think is of utmost importance. The information technology revolution of the last decade has had, as we all know, a profound impact on almost all aspects of our society. While the private sector has been quick to capitalize on the new opportunities created by the digital revolution, it is widely acknowledged that the Federal Government is behind the curve. The fact is, information technology offers as much to our government as it does to the private business. Among other advantages, it will allow us to literally put government at the fingertips of our citizens. A working e-government will mean that citizens can finally go online quickly and easily, instead of spending hours standing in long lines or waiting on hold to get the answers they need from government. E-government can make government more customer friendly and, if we do it right, more cost-effective, saving millions of dollars for our taxpayers. The information technology revolution also presents the Federal Government with one of the greatest management challenges we have ever seen. There is no doubt, however, that here in Washington we can misspend large amounts of money in incorrectly addressing the challenge. Just yesterday this subcommittee held a hearing on computer security, and numerous witnesses stressed the need to have cross-agency initiatives put in place rather than rely on each separate agency to duplicate the investment in finding solutions. With the enactment of the Clinger-Cohen Act in 1996, all individual Federal agencies have a CIO, but the Federal Government as a whole does not. As the individuals responsible for providing information technology advice and policy recommendations, developing and facilitating information systems as well as evaluating and assessing those systems, the Federal Chief Information Officers play an essential role in fostering a digital government. The role of the agency CIOs has been very positive. However, because of a lack of central authority and funding, there is little agency coordination when it comes to establishing crosscutting digital government applications. We hear a lot today about the digital divide. In the Federal Government there is a different kind of digital divide where each separate agency pursues the application of information technology without the benefit of significant government wide leadership. In an effort to close the Federal Government's digital divide I've introduced H.R. 4670, which would create a framework for a Federal Chief Information Officer located in the Executive Office of the President. The position would report directly to the President and direct the process of developing an aggressive digital government conversion plan. He or she would have a small staff and a budget independent of individual agencies to help drive the next generation of digital government, much of it involving cross-agency applications. The Federal CIO would also take the lead in shaping the administration's policy regarding the Internet and computer security. The Federal CIO would select the best ideas for e- government, develop pilot programs and test them in selected agencies and establish priorities for the application of information technology to improve government. The Federal CIO would be the lead coordinator to forge stronger digital partnerships with State and local governments. I commend the chairman for having this hearing; and I commend my colleague, Tom Davis of Virginia, who has introduced his own bill on this topic. I realize that there are issues surrounding where the Federal CIO will be located and what specific statutory authority he or she may be given. This discussion requires careful consideration of the current statutory responsibility of the Office of Management and Budget and an analysis of the current role of the OMB's Deputy Director for Management, who's here today. We appreciate the good work and input that Ms. Katzen has given us and OMB's Office of Information and Regulatory Affairs. OMB's budget and oversight role over all executive functions clearly includes information technology, and it is not my intent to fail to acknowledge the fine work the office has done. Rather, with this legislation I seek to enhance the capability for leadership and the effective and timely application of information technology to government. There are several points that I believe are essential to the success of a Federal CIO. These include a high-profile leadership role to elevate the visibility and focus of information technology and who reports directly to the President. Second, the establishment of a good working relationship with OMB and the Federal agency CIOs. And, third, direct access to funds to ensure the capability to carry out meaningful initiatives. This hearing affords the first opportunity in this Congress to consider the concept of a Federal CIO. Both Presidential candidates have publicly expressed their support for a new position with a defined focus on e-government. This is clearly an idea whose time has come. It is my hope that this hearing will move us forward on this idea, solidify our resolve to maximize the potential of information technology in government and more clearly define the structure that this position should take to maximize its effectiveness. In government, we have a clear need to meet the challenge of the digital age. It is not just a matter of resolving conflict; it is a question of whether or not we will take advantage of the phenomenal growth of information technology, whether we will make dot-gov as commonplace as dot-com. Again, I commend the chairman for the opportunity to have this hearing, and I look forward to hearing from each of our witnesses. Mr. Horn. I thank the gentleman and now yield opening time for the gentleman from Virginia, Mr. Davis, who has another proposal in this area; and I'd like him to expand on that now. Mr. Davis. Thank you. Mr. Chairman, I want to, first, thank you for your responsiveness in holding this hearing today to examine the merits of establishing a Chief Information Officer for the Federal Government based on proposals introduced by both myself and my colleague Mr. Turner. I also want to express my deep appreciation to our ranking member for his foresight in focusing on an issue which I believe is critical to improving the ability of government to be an efficient user, coordinator, manager, disseminator and protector of information resources, particularly with respect to information technology. I'll spend my few minutes highlighting the dominant themes which shaped my proposal, the Federal Information Policy Act, to create a Federal CIO who is vested with the primary authority to coordinate information resources management within and amongst all Federal agencies, including the implementation of effective, mandatory controls over government information security through a new Director of Information Security and Technical Protection. A decade ago, technology stood as one of many factors important to the mission and performance objectives of the Federal Government. But no longer is technology one of many. Instead, the Information Revolution and the ever-evolving technologies that support its collection, assimilation and communication have become integral to the functioning of our government. The past 5 years alone are testimony to a remarkably fast-paced change in the ability of Americans to communicate and access information through the personal computer and the Internet. It's the responsibility of the Federal Government to adapt its institutional processes of the old age to the new economy and become a national model for information resources management and information security practices through the acquisition and use of information technology. The current processes appear to lack a focused, coordinating body to implement effective IRM policies and develop a common strategy for interagency efficiency and cooperation. Although the Office of Management and Budget has responsibility for information resources management governmentwide, I'm deeply concerned that OMB, through the Office of Information Regulatory Affairs, is simply unable to devote the attention needed for carrying out effective information resources management as directed under current law. For instance, in July 1998, the General Accounting Office [GAO], examined two of the IRM-related responsibilities assigned to OMB in the Paperwork Reduction Act and delegated to OIRA but found that OIRA had not satisfied either of them. Those responsibilities were developing a governmentwide IRM plan and periodically reviewing a selected agency's IRM activities. And last year the GAO found that improvements in broad IT management reforms will be difficult to achieve without effective agency leadership, highly qualified and experienced CIOs and effective OMB leadership and oversight. If we can't get the management of our information resources in order, how are we ever going to be able to implement the electronic government initiatives supported by this subcommittee and the Congress, as well as by the administration, that will allow American citizens to communicate more easily with their government? A critical component of protecting information resources is the governmentwide coordination and implementation of proven information security practices. Currently, responsibility for overseeing computer security procedures and reviews is handled by a number of agencies including OMB, the National Institute of Standards and Technology, the General Services Administration, and the National Security Agency. Notwithstanding the number of agencies involved in various aspects of information security, there is an abundance of evidence highlighting the vulnerabilities of Federal computer systems in both internal and external intrusions. First and foremost is the portrait that emerged as a result of the subcommittee's hearing yesterday in computer security in which the Federal Government received an overall grade of D minus. As well, at a March 29th hearing, GAO cited earlier findings that 22 of the largest Federal agencies were providing inadequate protection for critical Federal operations and assets from computer-based attacks. GAO reported that within the past year it was able to identify systemic weaknesses in the information security practices of the Department of Defense, the National Aeronautics and Space Administration, Department of State, and the Department of Veterans Affairs. In each instance sensitive data and/or mission-critical systems were penetrated by unauthorized users. In early August, the Washington Post reported that the State Department had to warn its employees about downloading large MP3 sound files on their workstations and the, ``adverse effect on the networks as these files enter the e-mail system.'' Part of the best information security practices is endowing your employees with the necessary awareness of methods for security intrusions, such as downloading unknown files and introducing them into a computer network. Two days later, in discussing the persistent threat of computer hackers to the Department of Defense, the Washington Post reported that it is highly--it was highly probable that at least some of the 22,000 attacks last year were mounted by foreigners probing U.S. security gaps. These facts alone prompt serious concerns about the integrity of the most basic access controls for Federal information systems. Mr. Turner and I have established a strong basis for working together with the members of the subcommittee, the administration, and the private sector to secure the ability of our Federal Government to better manage its information resources and fully utilize information technology to better serve American citizens. Our legislation is similar in that each bill gives the CIO top-level authority and direct access to the President and also codifies the CIO Council. While Mr. Turner's bill envisions the Federal CIO as acting as an advisor, resource and visionary for information technology management, my legislation goes several steps beyond and further encompasses all the information resources management functions that rely on IT and which are critical to building a government that can serve its citizens in a digitally driven world. The Federal Government is fast falling behind the curve, and I strongly believe that establishing an empowered CIO is essential to achieving that goal. I want to welcome our panel of witnesses today and look forward to hearing their perspectives and suggestions for succeeding in making the Federal Government a leader and innovator in the management, promotion and protection of government information systems. Thank you. Mr. Horn. We thank you. We now move toward our witnesses. The first witness will be the Honorable Sally Katzen, the Deputy Director for Management, Office of Management and Budget. We'll give the administration 2 extra minutes as a matter of reciprocity and curtesy. So we're glad to see you here. STATEMENT OF SALLY KATZEN, DEPUTY DIRECTOR FOR MANAGEMENT, OFFICE OF MANAGEMENT AND BUDGET Ms. Katzen. I'm glad to be here. I'm delighted to be here. I have waited a long time for the opportunity to return to testify before you and, as in the past, you've picked a great issue to focus on. As Mr. Turner noted, there is no doubt that IT plays a fundamental role in our endeavor to create a government that's more accessible and more responsive to the public. Nor is there any doubt about the other types of advantages that IT can bring. It can also bring significant challenges such as security and privacy and accessibility. So today the questions of how to manage and fund Federal information technology enterprise are among the most critical facing Federal managers. And unlike the Y2K problem, which is the background for suggestions, from some people at least, about a Federal CIO, dimensions of information policy and technology oversight responsibilities are ever-expanding and involve every aspect of the government's operations--or at least they should involve every aspect of the government's operations. Now in my written testimony I devote many pages to the administration's record of managing the IT effort, and I won't repeat that here. I do want to make three observations. One, while we do not have someone with the title Federal CIO, many if not all of the responsibilities identified have been carried out through OMB, through the Office of the DDM, through the Office of the Administrator of the Office of Information and Regulatory Affairs; and I think we've done a very good job. Over the last 7\1/2\ years, we--with support from the President and the Vice President, we have focused on what have been the most important issues at the time. The early part of the decade we were focusing on systems, and the FAA and the IRS that the chairman cited have been turned around as we focus on customer off-the-shelf types of things, modular development, ``Raines rules'' that we have been using. We then turned our attention, as this subcommittee well knows, to Y2K. And despite initial concerns that we would never meet the date change and some very bad grades on report cards, we were highly successful in that effort with your help and with the help of others. And, finally, we have turned in the last year to focus on some of the other issues, the paramount one being e-government but also computer security. Capital planning, data sharing are subjects which we will probably come up with. The second point is while I think we have been very successful we have done a lousy job of communicating how much progress we've made. People are often surprised when they make a suggestion and learn we're already doing it. I listen to some of the things that have been cited as we need to do and I think to myself, we are doing it. We're just not being very effective in telling people about it. Whether it's management tools like sharing savings, whether it's spacial types of data, the FirstGov, the digital signatures, and indeed the CIO Council, which you'll hear more from Mr. Flyzik, every agency is not reinventing the wheel. We have an effective forum for sharing best practices and carrying forward. We are not doing a very good job of telling people about it. And the third point that I'd like to make is that our success is due not only to leadership from the top, and I'm referring here to the President and Vice President, and from leadership from the Congress, and your committee has been outstanding in that regard, but also because of the hard work of the many people at the agencies and their leaders who understand how IT fits into their mission and programs to provide a better and more effective government. This was a salient fact of Clinger-Cohen which gave the agency head responsibility for investment decisions of IT because they know how IT fits with their missions. Now, with respect to the subject of this hearing, everybody agrees on the importance of promoting and managing Federal IT; and everyone agrees that there should be a higher level of visibility and a more enhanced effort. There are different views about how to get the job done. As the chairman mentioned, one that has some currency now is to enact legislation that would create a new Federal CIO. As my testimony indicates, I think the real questions go to what the leaders of the Federal IT enterprise should do and how they should do it. I thought Mr. Turner asked all the right questions. I hope we'll have a chance later to start explaining what it is that we are doing in that area. But because IT is integral to every operation of government, we think IT leadership must be part and parcel of the government's budget and program decisionmaking process. In other words, the strategic management of Federal IT resources should not be separated from other management and budget concerns. It must be integrated. It is imperative, we believe, that officials with accountability for IT have direct influence over the spending and execution of IT investments. Severing the tie between responsibility for oversight of IT and budgeting for IT would undermine both and retard the progress that both the Congress and the executive branch recognize as essential. Indeed, separating the Office of Management and Budget from the management and budgeting for Federal IT is like taking the oranges out of orange juice. What's left is drinkable, but it's neither tasty nor nutritious. OMB's strength is its governmentwide authority, combined with expertise in individual agency mission budgets and programs. We set policy governmentwide and oversee implementation on a case-by-case basis. This is our strength. We are urged to play our strength. I cannot emphasize enough how important this function is at OMB. The OMB Director devotes significant time to IT management issues, and his leadership has energized our efforts. OMB also deals with critical information policy issues such as access dissemination in FOIA as well as computer security and privacy. The DDM manages these efforts both within OMB and across the government. The DDM has strong support from the OIRA administrator. As a former Administrator of OIRA, I can tell you how important and significant a component that is. Now we recognize there could well be enhanced efforts for OMB to promote and lead agency IT efforts. We have started this effort, and we welcome a dialog with this committee and with others here at the table as to what we should be doing to improve our efforts. Mr. Chairman, as I noted in my testimony at the end, I offer these views based on 6 years experience of managing information technology in the Federal Government but also in recognition that we're only 2 months before an election and 5 months before a transition to a new President. As Mr. Turner mentioned, both major candidates have made Federal IT an important program in their agendas and both share your goal and ours of continually looking at ways to improve Federal IT management. The two bills you've asked me to comment on both speak to what is essentially a management issue: How to organize oversight of the government's most important function. And I suggest that legislation now would only tie the new President's hands. We ought to give the new administration an opportunity to consider the approaches in these two bills and other approaches to IT and management and give us their recommendations before any action is taken. Again, I join those who recognize and applaud this committee's interest in how government manages and uses IT. We think that hearings such as this are extraordinarily helpful to keep us all focused on how best to achieve those goals. We have full confidence that this partnership will ensure that the next administration can build on our progress to deliver the American people the quality of government they expect. Thank you very much, Mr. Chairman. Mr. Horn. We thank you for your diligence and are glad to see you back doing all this. [The prepared statement of Ms. Katzen follows:] [GRAPHIC] [TIFF OMITTED] T4562.001 [GRAPHIC] [TIFF OMITTED] T4562.002 [GRAPHIC] [TIFF OMITTED] T4562.003 [GRAPHIC] [TIFF OMITTED] T4562.004 [GRAPHIC] [TIFF OMITTED] T4562.005 [GRAPHIC] [TIFF OMITTED] T4562.006 [GRAPHIC] [TIFF OMITTED] T4562.007 Mr. Horn. David McClure is the Associate Director, Governmentwide and Defense Information Systems for the U.S. General Accounting Office, part of the legislative branch. Mr. McClure. STATEMENT OF DAVID McCLURE, ASSOCIATE DIRECTOR, GOVERNMENTWIDE AND DEFENSE INFORMATION SYSTEMS, U.S. GENERAL ACCOUNTING OFFICE Mr. McClure. Good morning Mr. Chairman. Mr. Turner, Mr. Davis, pleasure to be here. I really want to cover three crucial points concerning this topic of the Federal CIO this morning and expand on them briefly. First, I think sustained and focused central leadership for information technology management is essential for the Federal Government. It should enhance and not constrain similar IT leadership and accountability in the Federal agencies. Second, the form and the structure of the CIO position should follow closely to the functions that you expect the office to perform. And, third, the two legislative proposals before the Congress offer two distinctively different approaches for elevating the visibility and focus of Federal information management and technology. Each proposal has its benefits, but each also will face implementation challenges. Let me expand on each of these points briefly. First is the need for established and focused central leadership. Increasingly, Federal information management and technology challenges are multidimensional, and they're horizontal in nature. They cut across traditional program and agency lines. As noted in the report that we're issuing today to you, Mr. Chairman, on management lessons learned from Y2K, a Federal CIO could be instrumental in focusing on actions that go beyond those traditional boundaries. This necessitates governmentwide oversight, interagency collaboration and funding, and cooperation with State governments, local governments, and the private sector. Today's critical IT issues, including IT management issues, security, critical infrastructure protection, electronic government, and IT human capital really all require tightly focused, constant governmentwide leadership and direction. It's for that reason we support the creation of a Federal CIO today, just as we did during the deliberations of the Clinger-Cohen Act in 1995. Agency leaders and agency CIOs should be held accountable for their IT missions within their own agencies. But a Federal CIO can bring a lot to the table. He or she could identify and set the agenda for governmentwide policy issues needing attention; he or she could focus on established priorities in ensuring that related efforts are complementary rather than duplicative of each other; and the national CIO could direct the attention and resources to consolidating interagency governmentwide process through shared information technology assets. My second point relates to the critical need for the Federal CIO position to be structured for success. We've done research on successful CIOs in both the public and the private sector. The trend for these positions is--especially in the government--is for the CIOs to have governmentwide responsibilities. In creating this position there are two critical success factors that are paramount: First, top level political support and attention to IT management; and, second, clear roles, responsibilities, accountabilities and sufficient stature to maximize CIO impact and success. My third point involves the distinctively different models for a Federal CIO presented by these two legislative proposals. Let me point out, however, that they do have similarities. For example, they both make the Federal CIO a Presidential appointee who reports directly to the President with cabinet level status. The high visibility afforded to this position should not be underestimated. It is a clear critical success factor for all CIOs in any organizations. Both bills also leave intact OMB's role and responsibility to review and ultimately approve agencies' budgets for inclusion in the President's submission. Additionally, both bills establish the CIO Council and statute and we believe there are tremendous benefits in doing so. The chief differences between these two bills lie mainly with the scope, the role, the responsibilities of the CIO. Mr. Davis' bill vests the Federal CIO with policy guidance and oversight responsibilities that currently reside with OMB. This would create a single central focus for information, management and technology. And the multitude of the duties associated with the DDM position in OMB and the regulatory burden and paperwork reduction performed by OIRA really limit the ability of OMB to provide full-time focus and attention to the government's pressing IT problems. So to sum up, let me reiterate a point that is made in Ms. Katzen's written statement. There is clearly no consensus if the Federal community on the need for a Federal CIO. I think that can be attributable to the uncertainty about the details regarding how the position would be created, its role, its authority, its responsibility. Still we believe there's a clear need for focused central leadership to increase the government's ability to use information resources at its disposal effectively, securely and with the best service to the American people. Thank you, Mr. Chairman. [The prepared statement of Mr. McClure follows:] [GRAPHIC] [TIFF OMITTED] T4562.008 [GRAPHIC] [TIFF OMITTED] T4562.009 [GRAPHIC] [TIFF OMITTED] T4562.010 [GRAPHIC] [TIFF OMITTED] T4562.011 [GRAPHIC] [TIFF OMITTED] T4562.012 [GRAPHIC] [TIFF OMITTED] T4562.013 [GRAPHIC] [TIFF OMITTED] T4562.014 [GRAPHIC] [TIFF OMITTED] T4562.015 [GRAPHIC] [TIFF OMITTED] T4562.016 [GRAPHIC] [TIFF OMITTED] T4562.017 [GRAPHIC] [TIFF OMITTED] T4562.018 [GRAPHIC] [TIFF OMITTED] T4562.019 [GRAPHIC] [TIFF OMITTED] T4562.020 [GRAPHIC] [TIFF OMITTED] T4562.021 [GRAPHIC] [TIFF OMITTED] T4562.022 [GRAPHIC] [TIFF OMITTED] T4562.023 [GRAPHIC] [TIFF OMITTED] T4562.024 [GRAPHIC] [TIFF OMITTED] T4562.025 [GRAPHIC] [TIFF OMITTED] T4562.026 [GRAPHIC] [TIFF OMITTED] T4562.027 [GRAPHIC] [TIFF OMITTED] T4562.028 [GRAPHIC] [TIFF OMITTED] T4562.029 [GRAPHIC] [TIFF OMITTED] T4562.030 [GRAPHIC] [TIFF OMITTED] T4562.031 [GRAPHIC] [TIFF OMITTED] T4562.032 [GRAPHIC] [TIFF OMITTED] T4562.033 [GRAPHIC] [TIFF OMITTED] T4562.034 [GRAPHIC] [TIFF OMITTED] T4562.035 [GRAPHIC] [TIFF OMITTED] T4562.036 [GRAPHIC] [TIFF OMITTED] T4562.037 [GRAPHIC] [TIFF OMITTED] T4562.038 [GRAPHIC] [TIFF OMITTED] T4562.039 [GRAPHIC] [TIFF OMITTED] T4562.040 [GRAPHIC] [TIFF OMITTED] T4562.041 [GRAPHIC] [TIFF OMITTED] T4562.042 [GRAPHIC] [TIFF OMITTED] T4562.043 [GRAPHIC] [TIFF OMITTED] T4562.044 [GRAPHIC] [TIFF OMITTED] T4562.045 [GRAPHIC] [TIFF OMITTED] T4562.046 [GRAPHIC] [TIFF OMITTED] T4562.047 [GRAPHIC] [TIFF OMITTED] T4562.048 [GRAPHIC] [TIFF OMITTED] T4562.049 [GRAPHIC] [TIFF OMITTED] T4562.050 [GRAPHIC] [TIFF OMITTED] T4562.051 [GRAPHIC] [TIFF OMITTED] T4562.052 [GRAPHIC] [TIFF OMITTED] T4562.053 [GRAPHIC] [TIFF OMITTED] T4562.054 [GRAPHIC] [TIFF OMITTED] T4562.055 [GRAPHIC] [TIFF OMITTED] T4562.056 [GRAPHIC] [TIFF OMITTED] T4562.057 [GRAPHIC] [TIFF OMITTED] T4562.058 [GRAPHIC] [TIFF OMITTED] T4562.059 [GRAPHIC] [TIFF OMITTED] T4562.060 [GRAPHIC] [TIFF OMITTED] T4562.061 [GRAPHIC] [TIFF OMITTED] T4562.062 [GRAPHIC] [TIFF OMITTED] T4562.063 [GRAPHIC] [TIFF OMITTED] T4562.064 [GRAPHIC] [TIFF OMITTED] T4562.065 [GRAPHIC] [TIFF OMITTED] T4562.066 [GRAPHIC] [TIFF OMITTED] T4562.067 [GRAPHIC] [TIFF OMITTED] T4562.068 [GRAPHIC] [TIFF OMITTED] T4562.069 [GRAPHIC] [TIFF OMITTED] T4562.070 [GRAPHIC] [TIFF OMITTED] T4562.071 [GRAPHIC] [TIFF OMITTED] T4562.072 [GRAPHIC] [TIFF OMITTED] T4562.073 [GRAPHIC] [TIFF OMITTED] T4562.074 [GRAPHIC] [TIFF OMITTED] T4562.075 [GRAPHIC] [TIFF OMITTED] T4562.076 [GRAPHIC] [TIFF OMITTED] T4562.077 [GRAPHIC] [TIFF OMITTED] T4562.078 [GRAPHIC] [TIFF OMITTED] T4562.079 [GRAPHIC] [TIFF OMITTED] T4562.080 [GRAPHIC] [TIFF OMITTED] T4562.081 [GRAPHIC] [TIFF OMITTED] T4562.082 [GRAPHIC] [TIFF OMITTED] T4562.083 [GRAPHIC] [TIFF OMITTED] T4562.084 [GRAPHIC] [TIFF OMITTED] T4562.085 [GRAPHIC] [TIFF OMITTED] T4562.086 [GRAPHIC] [TIFF OMITTED] T4562.087 [GRAPHIC] [TIFF OMITTED] T4562.088 [GRAPHIC] [TIFF OMITTED] T4562.089 [GRAPHIC] [TIFF OMITTED] T4562.090 [GRAPHIC] [TIFF OMITTED] T4562.091 [GRAPHIC] [TIFF OMITTED] T4562.092 [GRAPHIC] [TIFF OMITTED] T4562.093 [GRAPHIC] [TIFF OMITTED] T4562.094 [GRAPHIC] [TIFF OMITTED] T4562.095 [GRAPHIC] [TIFF OMITTED] T4562.096 [GRAPHIC] [TIFF OMITTED] T4562.097 [GRAPHIC] [TIFF OMITTED] T4562.098 [GRAPHIC] [TIFF OMITTED] T4562.099 [GRAPHIC] [TIFF OMITTED] T4562.100 [GRAPHIC] [TIFF OMITTED] T4562.101 [GRAPHIC] [TIFF OMITTED] T4562.102 Mr. Horn. We thank you very much for the usual fine analysis by the General Accounting Office. We now move to Mr. Jim Flyzik, the Deputy Assistant Secretary, Information Systems and the Chief Information Officer for the Department of the Treasury, and he's here in that role as well as being vice chairman, Chief Information Officers Council. And we are particularly interested through you as to the views the Chief Information Officers have on these matters. Mr. Flyzik. STATEMENT OF JIM FLYZIK, DEPUTY ASSISTANT SECRETARY, INFORMATION SYSTEMS, CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF THE TREASURY, VICE CHAIRMAN, CHIEF INFORMATION OFFICERS COUNCIL Mr. Flyzik. Thank you, Mr. Chairman, Mr. Turner, Mr. Davis, and members of the subcommittee. I appreciate the opportunity to appear today to discuss the concept of a Federal Chief Information Officer. I would like to first thank the chairman and the other members of the subcommittee for your continued support and interest in the improvement of information technology performance and accountability in the Federal Government. I have served as the vice chair of the Federal CIO Council since 1998, where I play a key role in the direction of information technology for the Federal Government. In performing my jobs, I have witnessed the growth of online services changing the way customers expect to interact with their government. Citizens now want to use technology to access the government and its services at a time and a location that is convenient to them. It is no longer acceptable to have a 9 by 5 government. Kiosks, the Internet and voice technologies are just a few examples of the many technologies that exist to provide a fully interactive government to our citizens based on their terms. Due to factors including the Clinger-Cohen legislation, the work of the Federal CIO Council, the year 2000 success and the growth of the Internet and e-commerce, the role of the Federal CIO is progressing into a peer with senior management. I appeared before this subcommittee in March to discuss the differences in the role of a CIO in the public and private sectors. Attention is now turning to the future potential and growth of Federal CIOs. One option under discussion is creation of a new Federal CIO within the Executive Office of the President. In regard to this question, the subcommittee presented me with six questions which I would like to briefly address. Should there be a Federal CIO and, if so, how should it assist the Federal Government in managing information technology? The attention and debate now surrounding this question is quite timely. As we progress to a new administration we must envision the government in an interconnected digital world. My opinion of whether a new position of Federal CIO is a good idea would depend on how the position would be implemented and empowered. A major constraint to the pace of IT advancement in government has been the skirmishes over centralization versus decentralization, not lack of capability. As vice chair of the CIO Council I believe that many government programs that share common elements or information could be vastly improved with stronger authority to enforce interagency and intergovernmental cooperation. We need to tear down stovepipes and obsolete hierarchical structures. The Internet knows no such structures or boundaries. Mr. Horn. Could I just interject for a minute because I've heard the term yesterday and today, and would you explain to everybody what a stovepipe approach is? Mr. Flyzik. Yes, sir. In traditional ways that stoves worked in homes in the past, you would have various pipes going out that all were independent of one another with no coordination. So when we talk about stovepipes we view our agencies working independently without cooperating or toward one common goal. Mr. Horn. Well, now that we have a definition every one that comes up from the administration will have a little asterisk put by their name as the Flyzik view of stovepipes. It will be put in all hearings. Mr. Flyzik. Thank you so much, sir. It's nice to know I have a legacy here. Mr. Horn. We try to provide those little services. Mr. Flyzik. The oversight could continue to be in the form of the OMB Deputy Director for Management or it could be another option like a new Federal CIO or a more empowered CIO Council. Any new leadership position in this area should have authority to work through the Director of OMB to control IT resources, IT budgets and spending. The centralized leadership can assist the government in managing its use of information technology and, like the Deputy Director of Management does today, assist the administration efforts to advise the President on matters relating to IT, build a vision for IT in the Federal sector, create opportunities and partnerships with the academic and private sector, set the direction for critical IT areas to cross agency boundaries such as interactive government and security, privacy and critical infrastructure protection and, importantly, enforce a Federal enterprize architecture and, most importantly, see government programs functionally from the point of view of the customer, not any specific agency. We can and should build on this framework. Where should the position be located? As the Deputy Director of Management today, any enhanced central authority over interagency IT initiatives needs to be located within the Executive Office of the President. Progress and success will require buy-in from agency heads; therefore, the function needs to be performed at a level that can deal with cabinet officers. How should it be empowered? Stronger empowerment requires actual authority in a budget to initiate and oversee the direction and funding of IT initiatives that affect more than one agency. A new staff position with primary duties to chair a council or review presentations or present recommendations would be viewed as just another bureaucratic hurdle and would be counterproductive. It is essential that any enhanced authority continue to be integrally linked with OMB's budget function to develop a process for evaluating the performance of capital investments for IT across government. It is also essential that any centralized position have authority to develop a process for funding interagency initiatives. Improved funding and management of multiagency IT initiatives can enhance the government's ability to address common IT challenges and solutions. Technology allows us to provide government to its customers across functional areas. The funding mechanisms should be developed to support this approach. In addition, funds for interagency IT should be solidified and made sufficient to support the level of need for interagency work. How should a Federal CIO's relationship with agency CIOs in the Federal CIO Council be defined? A digital economy drives new expectations of government. It would make sense that it would drive a new structure too. Ontario, Canada provides an example of a structure based on functional areas of government rather than agency structures. Before Ontario changed its structure the 17 different ministries had 17 different CIOs reporting to the deputy minister and cabinet office. Now there is a single authority that reports to the cabinet office in charge of information technology and is held accountable for IT in Ontario. What are more interesting are clusters of CIOs created around communities of service. The CIOs of these clusters report to the Ontario CIO. Leadership of Federal IT can operate in a similar fashion. The Federal CIO Council is already in place and could present the clusters of CIOs. I provide a chart of the Ontario organization as an example of a structure evolving with technology. How should a Federal CIO address issues such as electronic government information and insurance? Any expanded central authority should build on the structure currently in place, the Federal CIO Council. The Council is effective at establishing committees to bring subject matter experts out to address the issues and are in the forefront of IT in government-electronic government. Enterprise interpretability; capital planning; security, privacy and critical infrastructure protection; and Federal IT work force are some examples. The Council has developed a strategic plan with specific goals and initiatives for each committee. Greater authority could give the Federal CIO Council the responsibility and resources it requires to work with agencies states, academia and the private sector. Finally, question 6, what are the other key issues the Federal CIO should consider? Any action to strengthen central authority for governmentwide IT strategy should continue to work closely with the Federal CIO Council to develop strategies. Issues we have identified are: Connecting citizens to product services and information of their government; putting in place interoperable and governmentwide IT initiatives; providing a secure and reliable information infrastructure that the customer can access and trust; acquiring IT skills and resources to meet mission objectives; collaborating between the public and private sectors to achieve better government; fostering investment management policies, practices and tools that enable improved delivery of government programs and services. I find that the two proposed pieces of legislation are, each in different ways, interesting starts in improving the coordination and effectiveness of IT efforts. It is refreshing that reducing the burden of information collection from the citizen is emphasized. We look forward to working with the Congress on addressing these and other issues. I would like to thank the subcommittee for the support it has given to the work of the Federal CIO Council. Without your support we would not have been able to achieve the national success we have enjoyed with Y2K, the Internet and e-government. I would like to thank the members of the subcommittee for the opportunity to present this morning. Mr. Chairman, this concludes my formal remarks. I look forward to answering questions. [The prepared statement of Mr. Flyzik follows:] [GRAPHIC] [TIFF OMITTED] T4562.103 [GRAPHIC] [TIFF OMITTED] T4562.104 [GRAPHIC] [TIFF OMITTED] T4562.105 [GRAPHIC] [TIFF OMITTED] T4562.106 [GRAPHIC] [TIFF OMITTED] T4562.107 [GRAPHIC] [TIFF OMITTED] T4562.108 [GRAPHIC] [TIFF OMITTED] T4562.109 [GRAPHIC] [TIFF OMITTED] T4562.110 [GRAPHIC] [TIFF OMITTED] T4562.111 [GRAPHIC] [TIFF OMITTED] T4562.112 [GRAPHIC] [TIFF OMITTED] T4562.113 Mr. Horn. Well, thank you very much. We appreciate that summary. Otto Doll is the Commissioner of the Bureau of Information and Technology for the State of South Dakota and president of the National Association of State Information Resources Executives. I'm particularly indebted to you for those nice charts you put with your testimony. It's very helpful to see what the Governors are doing around the country. So Mr. Doll. STATEMENT OF OTTO DOLL, COMMISSIONER, BUREAU OF INFORMATION & TECHNOLOGY, STATE OF SOUTH DAKOTA, PRESIDENT, NATIONAL ASSOCIATION OF STATE INFORMATION RESOURCES EXECUTIVES Mr. Doll. Thank you, Mr. Chairman, Mr. Turner, Mr. Davis, and members, subcommittee members. Recent congressional bills such as H.R. 4670 and H.R. 5024 offer tremendous opportunities for the Federal Government to take full advantage of the Internet revolution and all it has to offer for digital government. The States, as laboratories of democracy, offer many examples of how enterprise-wide Chief Information Officers add real value to government's use of information technology. Furthermore, the recent year 2000 compliance effort has allowed all CIOs, whether they be local, Federal, State, private or public sector, to completely inventory the IT resources at their disposal. For the first time we have been able to establish lines of communication and cooperation among IT units through our enterprises. While it is difficult to derive a single organizational model from the 50 States, some clear trends are apparent, and both of the bills cited earlier put the Federal Government firmly on the same path. Generally with the title CIO comes advisory responsibility for enterprise-wide IT policy, not just management. Many, if not all, CIOs report to their Governors, State chief executives in some formal or informal capacity. CIOs can be called upon to advise the Governor on IT matters, deliver agency IT budgets, draft proposal legislation, testify before legislative committees on IT investment options and results and oversee statewide procurement, project management, risk management and strategic planning. While many State CIOs report solely to their Governors on technology issues, some are also responsible to cabinet level officials such as the secretary of administration, commerce, or revenue. According to a survey conducted by NASIRE in February and staff research, 23 States have a CIO in place who reports directly to the Governor; only 8 States reported such an arrangement in a 1998 survey; 24 State CIOs operate within some other arrangement, usually reporting to a cabinet officer. However, that does not mean those CIOs never interact with their Governors. Some State CIOs work in conjunction with an advisory board or commission and many serve as chair of a council of agency level CIOs. The remaining three States are currently moving toward a CIO arrangement. A roundtable of State CIOs held at NASIRE's 2000 midyear conference discussed key aspects of real CIO authority. The clear consensus was that some form of access to the Governor is crucial to the CIO's success. Without that access the CIO cannot win the sponsorship that is necessary to implement innovative application of technology, break down the silos of government and manage the expectations of internal and external constituents who are often intimidated by or over expectant of the impact of IT on government. The recent Federal experiences with John Koskinen, who served as the Y2K czar, shows how a CIO level official serving as an extension of the chief executive can bring together diverse public and private interests to tackle the huge IT project. We have also seen how the President's keen interest in the development of the FirstGov.gov portal has reinvigorated a project that had previously floundered without centralized high level leadership. The Oval Office and Congress will need an ongoing, accountable IT visionary for future efforts. The necessity of the CIO has been recognized by a number of organizations, including the National Electronic Commerce Coordinating Council, which declared: ``regardless of the structure, the most critical factor for success in implementing electronic government is a clear direction communicated with both authority and responsibility. Responsibility for implementation should rest with an empowered leader, such as the CIO.'' NEC3 is a coalition among NASIRE, the National Association of Secretaries of State, the National Association of State Procurement Officials, and the National Association of State Auditors, Comptrollers and Treasurers. Separating technology from government programs is impossible today. State CIOs are responsible for putting their executives visions and goals for IT into action. The Harvard Policy Group on Network-Enabled Services and Government, which included CIOs from all levels of government, echos that sentiment. They define CIO not solely as a manager of technology but as a manager of technology in support of organizational strategy and change management. The same sentiment emerges from the private sector as well. Janet Caldow of IBM's Institute for Electronic Government states: ``our early studies with the Kennedy School of Government revealed that a center of gravity for technology policy and strategy is a fundamental critical success factor for governments to move forward aggressively. That can come in the form of a Chief Information Officer or a technology and policy advisor to the chief executive.'' As the center of gravity for IT policy, the CIO needs to inspire leaders, including elected and appointed officials as well as front line managers and staff that dedicate political capital and other resources to the agenda. One powerful dynamic of IT is that it can enable and integrate all government services and initiatives--education, criminal justice, economic development, etc. A CIO is necessary to convene key information stakeholders, develop adaptive architectures that are conducive to sharing, and access the incumbent risks of exposing information online. Then the CIO is needed to moderate the changing interest of the diverse stakeholders, enforce standards for sharing, and implement the critical security technologies and processes that can ensure privacy. Only then will government enjoy the full benefits of integration. Globally, a number of other nations are taking aggressive approaches to digital government, including the Special Administrative Region of Hong Kong, Singapore, Australia, Canada, United Kingdom and the European Union. Australia represents a major effort to have all that nation's services well enabled by 2001. Australia, Hong Kong and Singapore have also signed memoranda of understanding to facilitate cross national e-commerce, underscoring the important role a national digital government can play in facilitating economic growth. In conclusion, let me say that my goals for today have been to reinforce my testimony before this committee from last March. Support for the role of the CIO comes from many quarters. Furthermore, empowered CIOs such as those in Kentucky and Indianapolis and elsewhere can achieve much. NASIRE encourages the Federal Government to establish an Executive Office of the CIO. However, we caution that the role CIO cannot be defined with one act. The work of the CIO will not end after one project. In our estimation, the future success of any government in the new economy depends on not only establishing an office of the CIO, but also in constantly evolving the role of CIO as technologies change and new opportunities emerge. Only then will the full fruition of digital government be within our reach. [The prepared statement of Mr. Doll follows:] [GRAPHIC] [TIFF OMITTED] T4562.114 [GRAPHIC] [TIFF OMITTED] T4562.115 [GRAPHIC] [TIFF OMITTED] T4562.116 [GRAPHIC] [TIFF OMITTED] T4562.117 [GRAPHIC] [TIFF OMITTED] T4562.118 [GRAPHIC] [TIFF OMITTED] T4562.119 [GRAPHIC] [TIFF OMITTED] T4562.120 [GRAPHIC] [TIFF OMITTED] T4562.121 [GRAPHIC] [TIFF OMITTED] T4562.122 [GRAPHIC] [TIFF OMITTED] T4562.123 [GRAPHIC] [TIFF OMITTED] T4562.124 [GRAPHIC] [TIFF OMITTED] T4562.125 [GRAPHIC] [TIFF OMITTED] T4562.126 [GRAPHIC] [TIFF OMITTED] T4562.127 [GRAPHIC] [TIFF OMITTED] T4562.128 [GRAPHIC] [TIFF OMITTED] T4562.129 [GRAPHIC] [TIFF OMITTED] T4562.130 [GRAPHIC] [TIFF OMITTED] T4562.131 [GRAPHIC] [TIFF OMITTED] T4562.132 [GRAPHIC] [TIFF OMITTED] T4562.133 [GRAPHIC] [TIFF OMITTED] T4562.134 [GRAPHIC] [TIFF OMITTED] T4562.135 [GRAPHIC] [TIFF OMITTED] T4562.136 [GRAPHIC] [TIFF OMITTED] T4562.137 [GRAPHIC] [TIFF OMITTED] T4562.138 [GRAPHIC] [TIFF OMITTED] T4562.139 [GRAPHIC] [TIFF OMITTED] T4562.140 [GRAPHIC] [TIFF OMITTED] T4562.141 [GRAPHIC] [TIFF OMITTED] T4562.142 [GRAPHIC] [TIFF OMITTED] T4562.143 [GRAPHIC] [TIFF OMITTED] T4562.144 [GRAPHIC] [TIFF OMITTED] T4562.145 [GRAPHIC] [TIFF OMITTED] T4562.146 Mr. Horn. Thank you very much. We appreciated that testimony Mr. Doll. I'm going to have to do something I don't like doing because I'm going to have to interject for a question period before the representative of the administration has to go, and she said she has to go at 11:15 and I want Mr. Davis, Mr. Turner to question her before now and 11:15. So I first yield for questions 5 minutes for the gentleman from Virginia, Mr. Davis. Mr. Davis. Thank you. Sally, thanks for being here once again and for all the work you're doing. In your written testimony you offer that Clinger-Cohen is correct in placing centralized leadership responsibilities for IT investment management within OMB because OMB has budget and program oversight responsibilities throughout the executive branch and can work to ensure that IT supports agency missions and policies. You go on to say that legislation which mandates a particular approach may lock in oversight structures and constrain our capacity to solve the problems that are unknown to us today. I wonder if you could take a minute and describe the leadership role that OMB has displayed in the past in defining and managing interagency items, not just speaking to money items but managing IT resources. How does OMB keep track of those initiatives so that responsible decisions can be made when projects are not working and should be halted or a new direction should be taken? Can you give me a feel for how that works? Ms. Katzen. Sure. Thank you. In one respect we take our management challenges each year as part of the budget. We prepare those priority management objectives, we call them, the PMOs, that warrant senior management attention, and IT management is always on the list. This year I think we have four that include that. People are assigned within OMB both in the statutory offices and in the RMOs, the Resource Management Offices, which do the budgeting and management hands, often to report on a monthly basis on the progress made. I have prepared this report for the Director, for the President and see how we are proceeding on the most important challenges. At the other end of the spectrum OMB is actually a fairly lean and mean organization--well, I'm not so sure it's mean but it is lean. We only have about 500 people for all the governmentwide functions. We leverage our power and authority through interagency councils, whether it's the Statistical Policy Council which was created and reports through the Chief Statistician of the United States, who's in the Office of Administration. In the Office of Information, Regulatory Affairs, or the CIO Council, the Deputy Director for Management, me now, sits as chair of the CIO Council, sits as chair of the CFO Council, that's the Chief Financial Officers, sits as chair of the PCIE, which is the President's Committee on Integrity and Efficiency, which are the IGs, the Procurement Executives Council. What I have done---- Mr. Horn. Excuse me. Could you sort of spell it out for the people that are listening? Ms. Katzen. CIO Council is the Chief Information Officers Council. CFO Council is the Chief Financial Officers Council. The PEC is the Procurement Executives Council. The PCIE is the President's Council on Efficiency and Integrity, which is the IGs, which are the Inspector Generals. Each of these councils have committees. Mr. Flyzik indicated the myriad numbers of committees that they have. Their e-government committee representative meets with me, with the CFO Council e-government representative and the PEC e- government representative, at least once a month, where we sort through priorities, we hear about initiatives. And the CFO Council people will sit there and say, oh, is that what the CIO Council is doing? Isn't that interesting? We're able to exchange best practices. Mr. Flyzik has attended those meetings in the past. That's another way we leverage. Mr. Davis. Where is the decisionmaking authority after you all sit down and you go through all these? Does it come to you then up through the head of OMB in terms of resolving---- Ms. Katzen. In most instances it's not a decision that has to be made yes or no. It's a sorting through priorities. But if there were, it would be through me and I would consult with Jack Lew, the Director, or the President or Vice President. Mr. Doll was talking about the President's interest in FirstGov. We presented it to him and he loved it, and he therefore announced it. It was something we had developed, and we had developed it with the help of the CIO Council as well as the PEC Council because one piece of this FirstGov is to have a single gateway for procurement for buying and selling to the government, and they're interested in that aspect of it. So we put all these pieces together. When we presented it to the President he was most enthusiastic about it. So it can go at different levels, in part depending upon how radical it may be or how much funding is necessary. And there's also, one of the problems that we've had, and I've heard this from a number of the people who are talking about this, is the funding. OMB has included requests for funding for security, for e-government, for digital signatures, for a variety of things and we just were hoping that the Congress will be more receptive to those requests. Mr. Davis. I think my 5 minutes are up. I want to make sure--I might want to give you a couple of written questions, but I think you've given me the outlines. Ms. Katzen. Be happy to supply any answers to that. Thank you very much, sir. Mr. Horn. The gentleman from Texas, Mr. Turner, 5 minutes for questioning the witness. Mr. Turner. Thank you, Mr. Chairman. We appreciate all of your input on this issue, and as you know, in our meetings together there are some issues that must be resolved before we can move forward. And obviously we want to be sure we structure this new Chief Information Officer in a way that's consistent with the roles that you are accustomed to having oversight over. I did notice that in a letter that we received just yesterday from Mr. Gilligan, who is the CIO of the Department of Energy, he said that only a small portion of the funding requests we're talking about for information technology funding is intended to provide for coordinating governmentwide security efforts. We were talking yesterday, as you know, about computer security as well as providing common solutions that will improve efficiency and effectiveness of individual agency security programs. He goes on to say these initiatives are not designed to replace individual agency programs already in place. Rather, they seek to build on their successes and expand existing infrastructure. In an attachment to his letter he says most of the funding that has been provided in the Federal budget has been directed at the individual agencies. He says, and I quote, only a small portion of this funding request is intended to provide for cross government initiatives. I'd like for you to describe for us some specific cross agency initiatives relating to information technology that OMB has successfully implemented. Ms. Katzen. I will start by noting that I don't completely agree with his characterization of the way we do the funding. It is true that there is a relatively small portion that is designed for intra--interagency, among agencies, cross-cutting, governmentwide types of projects. But the security, for example, should be built into the system. It shouldn't be a separate kind of venture. It should be part of the capital planning process, and that's one of the things we're working on. But having said that, in terms of the types of activities that we have, 2 years ago the Congress and Treasury-Postal gave us a $7 million fund for us to allocate for governmentwide efforts, and that money was used in part for the CIO Council, and we asked them to come up with their wish list, their priorities, so that we could be responsive to the agencies' CIOs as what they thought were those projects most in need. Digital signature was one; FirstGov is another that I can think of off the top of my head. This year we took that same fund--$7 million is not a very large amount considering that we spend billions in other areas--we increased it to $17 million. All indications are the Treasury-Postal will increase it. That should be significantly enhanced because there are opportunities. But what we have done again for the 2001 budget for the $17 million was to go back to the CIO Council and the CFO Council and say, what is it that you think is most desirable, and this is reviewed within OMB. And they came up with these different types of projects that they wanted us to fund. Mr. Turner. Is that the only cross-agency initiative that OMB has been involved in? Ms. Katzen. No. Clinger-Cohen also includes a ``pass the hat'' authority. And there was an additional $5 or $6 million that we used to collect additional moneys from the various agencies for some of the CIO-type functions. Again, Mr. Flyzik, who helped implement this, could give you more details on it. But that's another opportunity. And the third opportunity is there could be a lead agency. For example, on FirstGov, even though we're using some of the interagency money, GSA is the lead agency and is, in effect, sponsoring this, and they have the resources that we have reprogrammed to make sure that they can carry this out. There are other instances where other departments--Treasury, the Treasury Department is working on digital signatures. We have a $7 million request, which unfortunately does not look like it's going to be funded. We could use your help there. But that would be where they're taking the lead for the government. And I think that's correct, if I'm not mistaken. But they're the lead. So in different areas we'll ask different departments to be a lead agency. So that, pass the hat and the interagency fund, all get worked together. We use as much creativity as we can because the technology is developing an awful lot faster than the budget process, and you come up with new ideas in the middle of cycle, you want to fund them. You want to figure out how to do it lawfully. Mr. Turner. I think that pass the hat problem, we discussed that at the hearing yesterday, is one of the problems that we see in our present pursuit of information technology. Ms. Katzen. It has drawbacks. Mr. Horn. We will have another round here. The gentleman from Virginia, Mr. Davis, 5 minutes. It's your turn. Mr. Davis. Just a couple of questions. You addressed the establishment of the Y2K Council with John Koskinen, who did an outstanding job, I think we can all agree, as chairman. It's unclear to me how the need to establish a Y2K Council in 1998 validates OMB's role in managing information resources. It seems to me that instead it demonstrated OMB's inability to gather the necessary expertise and foresee the need to address the Y2K problem in a more timely manner and its subsequent inability to manage governmentwide Y2K remediation without bringing in someone like John Koskinen to head the whole thing up and to have the clout, and that you don't want to keep doing this kind of thing. Could you give me your comments on that? Ms. Katzen. Well, Mr. Davis, OMB had been responsible for the governmentwide Y2K efforts, and, in fact, as Administrator of OIRA, it was one of my primary responsibilities, and we set in motion the processes that the Federal agencies would use. We established the reporting practices. We established the CIO Council's involvement in this; the Y2K committee that I met with once a month, we did a lot of things within OMB. By 1998, it became clear that the issue was not just the Federal systems. The issue was the country. And there was banking and finance, there was energy, and it was more than the country. It was international as well. And so we discussed within the administration bringing in somebody who would focus attention, who would capture people's imagination, and who would work with State and local governments. I had already been meeting with NASIRE people in 1995, 1996 and 1997. John Koskinen took it over. He worked with State and locals. He worked with the private sector. He worked with the international Y2K effort. The responsibility for the Federal systems themselves remained at OMB. We were the ones who did the quarterly reports. We were the ones who met with the laggers or those who were not moving as quickly as they should have. We were the ones who went to the President or the Vice President when we wanted additional help. John Koskinen was superb, and he was a superb candidate for this because he had just stepped down as DDM at OMB, and he knew where all the levers were. He never wanted to take from OMB its authority, but he wanted to work with us, and that was a very good mix. I was made the vice chair of the Y2K Council to keep the OMB piece of it intact. And I heard Mr. Doll say that Mr. Koskinen is a great model, and then he used the term ``for a single project.'' I agree with that. I think if there's a single project that you want done sometimes, you find somebody who has the stature, the experience and the connections to do it. But if you're talking about something like all of information technology, Mr. Doll also said you can't separate technology from government programs. That's the whole thing. Then I am less amenable. Mr. Davis. I want to get you out of here. I just look at it differently. You did a great job, but you had so many other things to do over there at OMB. You just did. You have so many responsibilities. You performed them admirably. I've worked with you on a lot of issues, and you're a great civil servant. But the problem was in that particular case you had too many things. The same thing concerns me with OMB and its structure today in giving it the emphasis. So I just look at it a little differently. But I'm really interested to hear your perspective. I appreciate your sharing it with me. I may get back to you with a couple of other questions just for the record so we can fill this up. You made one other comment that the administration will be changing, and at least we will have a new President and probably some new people, and we don't want to act precipitously. I agree. I'm just putting down a marker to say this is my concept, and we want to solicit advice on this as we move forward. This is kind of a work in progress. But I just wanted to share my thoughts, and I appreciate hearing yours. Thanks. Ms. Katzen. That's very helpful. Thank you, sir. Mr. Horn. Does the gentleman yield? Mr. Davis. I yield back. Mr. Horn. The gentleman from Texas Mr. Turner. I'll give you 4 minutes this time because I want the last 3 minutes. Mr. Turner. Thank you, Mr. Chairman. I concur with what my friend Mr. Davis said. I think we are introducing these bills here in the latter month of this Congress in order to get the issue on the table and begin to discuss what kind of structure a Federal CIO should have, because we know whoever is President is going to make this a part of their new administration. And I want to say that, you know, GAO made the comment that the benefit of a Federal CIO is the ability to focus exclusively on information technology. Your training is an attorney, as is mine. You practice regulatory and administrative law. You wear a lot of hats. You're the head of the CFO Council, the CIO Council, the Procurement Council. Even your Deputy, Mr. Spotila, who is the head of the Office of Information and Regulatory Affairs, has a wide range of duties, one of which is information technology, but he is neck deep into regulatory affairs in his office. And I think what we are trying to do here is to pursue a new position that has the exclusive ability to focus on information technology across government; to put in that position an individual who has the background, the experience and the educational training to suit he or she to the position of a chief information officer as we find in the private sector. And I think that by doing that, we will see more opportunities for cross-agency cooperation, and we'll see the Federal Government move forward at a much more rapid pace than we've seen in the past. That is not to say we are critical of anything you have attempted to do, but I think the emphasis on information technology is long overdue. And I know that you want to work closely with us to be sure that if we implement a Federal CIO, that it integrates well with your traditional functions. And I know that is one of your priorities, and we want to work with you in that regard. Ms. Katzen. Exactly. I appreciate that because I think there is much merit to this call for higher visibility, more focus or single-mindedness as it were. And my concern is that it be fully integrated within OMB because they have the budgeting and the management function governmentwide, and you can't easily separate the two. But the repeated calls for higher visibility and more single-mindedness, I think, have tremendous merit, and I appreciate your comments in that regard. Mr. Turner. Thank you, Mr. Chairman. Mr. Horn. I thank the gentleman. My question is this: I appreciate you giving us the history there, and that's some of it we learned new. But the fact was that nothing happened after this committee started the movement in April 1996. We wrote the President with the ranking Democrats at that time writing with us on the letter to put one person in charge in the executive branch. That was July 1997, and he finally got around to it in late 1997 and 1998 when Mr. Koskinen was brought out of retirement. While he was there in your position, he really didn't do anything on this. You were doing the work there, as I remember. Ms. Katzen. I was doing that, yes. Mr. Horn. And then he retired---- Ms. Katzen. Although I reported to Mr. Koskinen, and he was aware of what I was doing, and he had sufficient confidence in me that he let me continue doing it. Mr. Horn. Well---- Ms. Katzen. And I had sufficient confidence in him that when we talked to the President and said, I think we ought to find somebody, he was the first person that came to our mind, and we called him. He was only in retirement for 2 weeks before we got him back. Mr. Horn. He was in retirement, and he did not come back on board until April 1998. Ms. Katzen. Correct. Mr. Horn. He was on a honeymoon with his wife. So the fact is during this time, FAA, the IRS, billions of dollars were going through those things. Now, did your group at OMB pull the plug? Why not when you have that many billion dollars going right down the drain? Ms. Katzen. We did, in fact, review the FAA information systems--we're not talking Y2K now. We're talking the information systems themselves--the FAA system, the IRS system, which Mr. Flyzik can talk about the history of that through this past decade, the HTM system. There was a health system at HCFA. Mr. Horn. Right. They spent a few billion, too. Ms. Katzen. It was unbelievable. It was custom-built. As I said in my testimony, when we came into office, there was an established pattern. Federal systems were to be custom- built with all the bells and whistles. They would inevitably come in over budget and so late that they would be obsolete by the time they were fully implemented. We changed that. We changed that with your help. We changed that with the help of Raines' Rules. We changed that. We're now focussing on open architectures, modular development. The whole Raines' Rules capital planning concept has turned it around, and you don't have those kind of unfortunate headlines as frequently by a long shot at the end of the decade that you did at the beginning of the decade. It took us time to turn it around. That was what I was focusing on at the beginning part of the century--decade. Mr. Horn. Who pulled the plug, OMB or the agency? Did the agency finally think about it, that they weren't managing anything? Ms. Katzen. We worked together. We're collegial. We raised issues---- Mr. Horn. I know. Collegially with the taxpayers' money to the tune of $7 billion. Ms. Katzen. Well---- Mr. Horn. That bothers me. The fact is nobody made the tough decisions except Raines. I thought Raines really knew what he was doing when he came in there. And we worked together on the questionnaire and all the rest of it. He was a very right-on-the-spot person. He might have pulled the plug. I don't know. Ms. Katzen. The health one was ended before Mr. Raines became the Director. It was while Ms. Rivlin was still the Director of OMB that we stopped the health one. We stopped them when it became clear to us that this was not the way to go, and we worked with them. They're individual cases. Individual systems presented different problems within the agencies because they had different needs. FAA's need was that they couldn't be without a system because of the security of the air traffic controls. We had to make sure that whatever we had was enough to bridge or link, and so it was not just possible to say, well, let's stop that and forget all about it and go to someplace else. We had to work to a transition. The IRS is one that took a different turn that Mr. Flyzik can talk to. Mr. Horn. Let me ask my last question. I know you have to go. Yesterday the subcommittee released its computer security report card for the Federal Government, with the government receiving a D minus overall. Given the Office of Management and Budget's oversight responsibility for agency computer security programs, how do you explain this? Ms. Katzen. Well, Mr. Chairman, I think, as Mr. Spotila indicated yesterday, we do not completely agree with the grades. Mr. Horn. Not one person under oath in this room disagreed with any grade. And if they're doing that to the press, they didn't do it here. Ms. Katzen. I was not here yesterday. Mr. Spotila was testifying. My understanding is that a lot of the agencies-- departments were, as they should be, totally candid about we're doing partly here, we're not doing anything here, we're doing something here. In some of the grades they got no credit for any of the things that they were doing. Grades come as a snapshot in time, and unlike the Y2K where you have a single function that you want to sort of track over time, and you can see whether you're 68 percent remediated, 98 percent remediated, you get all the way to 100 percent, with security there are a variety of different measures and a variety of different standards depending upon the sensitivity of the information, because your security should be commensurate with the risk of loss. And a DOD is a very different animal from the Department of Agriculture, for example, where a civilian agency does not have to reach the same standards. Having said all of that, I would remind you that when Mr. Koskinen came into the office, the government was given a D minus also---- Mr. Horn. That's right. Ms. Katzen [continuing]. For Y2K. Mr. Horn. And he got it up to a B, which is great. Ms. Katzen. What happened was in the 2-year period, because of the foundations that we had laid and the work that had been done by the Federal employees, there were no disasters at the date change. The Federal systems held together magnificently. People were ready ahead of time. And if we get a B minus when we actually end up having a nonevent, there's some sense that maybe the grading on the curve could be a little bit adjusted. Mr. Horn. It isn't graded on the curve. It's graded on the absolute. And remember that this is self-graded by the agency, not us. Ms. Katzen. They didn't give themselves a D minus. You took the information and gave them the grades. They didn't give themselves a grade. If you ask the agencies, and Treasury is here today, whether they deserved the grade they got or whether they thought that their work in process is warranting some other grade, I would be very interested in the responses, because what I hear is that they feel that the grading was kind of tough. Now, I did well in school with professors who gave tough marks, and I like to rise to the occasion, and I like to fight back, and I like to say, OK, you give me a B, I'll show you. I'll get my A. Mr. Horn. Good. We're glad we stimulated OMB to do something. And if it takes that, why we'll give them a D minus or a D plus next time. But, no, what we want is something that solves this, and we want people that make tough decisions with the taxpayers' money. That's what I'm concerned about. That's what every Member here regardless of party is concerned about. We can't afford these $4 billion boondoggles. Ms. Katzen. I share your--I agree with you completely. Mr. Horn. With security they can do a lot of things. They just haven't because there hasn't been the focus. Ms. Katzen. Well, and we haven't gotten the funding. Mr. Horn. They always say that. All you do is pull the plug on a few things. Energy is the prime example. Ms. Katzen. No, I'm sorry. What I meant--you may have misunderstood what I was staying. We have repeatedly requested the Congress to fund in the security area for FIDNA, for FEDCERT, for Cyber Core. There was a $90 million critical information protection piece that the Congress has not funded. We have requested funding for security again and again, and over the last several years and even right now the IRS piece is not fully funded. Apart from the security is the modernization that they need to do. So it's not that we're holding back, but I share your objective which is not to waste taxpayers' money, which is to provide the best service possible, to do it in a way that is reasonable and rational and responsive to the American people. I agree completely with where you're coming from, and, again, as I said in my opening statement, we think that the work that this committee has done has been very important and instrumental in helping us with whatever progress we have achieved, and we thank you for that. Mr. Horn. Let me ask the last question. Do any of the people here, and that includes the people who haven't had a chance to make their presentations, do you have any questions of the administration before Ms. Katzen leaves? Anybody want to raise their hand or something? Any question you've been wanting to ask the administration but couldn't? OK. Forever hold your peace, or talk to them on the side. Ms. Katzen. Thank you, sir. Mr. Horn. We thank you for staying, and we hope we haven't delayed you, but we're within 6 minutes. Thank you. We now go back to the presenters. Next is Paul E. Rummell, president and chief executive officer of RLG netPerformance, Inc., former Chief Information Officer for the Government of Canada. We're delighted to have you here, and we want to get a lot of your experience on the record. STATEMENT OF PAUL E. RUMMELL, PRESIDENT AND CHIEF EXECUTIVE OFFICER, RLG NETPERFORMANCE INC., FORMER CHIEF INFORMATION OFFICER FOR THE GOVERNMENT OF CANADA Mr. Rummell. Mr. Chairman, Mr. Turner, Mr. Davis, members of the subcommittee and distinguished panelists. I am very pleased to speak with you regarding establishing a Federal Chief Information Officer position in the U.S. Government. I have a unique perspective to share with you. I served as the first CIO for the Government of Canada, and I am an American citizen and a Canadian citizen. I have 28 years' experience in information technology. The role and mandate for Canada's CIO position is to bridge the direction and evolution of technology in government; work to improve relations with the vendor community; renew the IT community within the government, and tackle the inertia in Treasury Board and across the government by resolving key concerns effectively, like privacy and security. I reported to the Secretary of the Treasury Board and had a liaison and strong communication with the Prime Minister's office. My responsibilities were a $3-billion-a-year budget, 16,000 employees, and a portfolio of 80 some departments and agencies, and I had a mandate to eradicate the year 2000 bug. Policy and management were focused on larger departments like Public Works, Revenue Canada, National Defense, Human Resource Development Canada, Industry Canada and the Department of Justice. Twenty of the largest departments and agencies were represented in a core committee which I chaired, and I consulted with smaller agencies and departments less frequently. I established a Council of Provincial CIO's to coordinate activities between their jurisdictions, and we met with other levels of government to coordinate service delivery initiatives for our government. The CIO position has made an impact on Canada's Federal Government success in information technology. We moved beyond establishing policy to a strategic leadership role with operational focus and delivered results in three key areas: infrastructure, innovation and service to the IT community. Infrastructure is the platform used to deliver cost- effective, unified services to citizens. It's not just wires and networks, but INFOstructure, the policies, standards, procedures and directions that make interoperability a reality. It is the combination of people, process and technology to capture the imagination and achieve results. As CIO and an information exchange specialist, I was and continue to be in the business of innovation. The approach must be to balance risk and fiscal responsibility. The CIO position should be in a place that empowers solutions, from structural changes and alternate service delivery models to partnerships with other governments and the private sector. The CIO's core mandate was to provide advice, expertise and service to the information community across government, and my goal was not to get in your way, but to get things out of your way. We managed technology spending envelopes to be sure that we were making appropriate investments. We helped get the government through some challenges with megaprojects. We worked with the vendor and outsourcer communities to ensure modern procurement and project management procedures were in place. Information technology provides one of the cornerstones for the renewal of government. It is essential that the U.S. Government adopt a modern organizational structure with a Federal CIO to lead, make a real difference and encourage cooperation. It is your challenge as a subcommittee and as a government to play a leadership role in establishing a position that will direct the appropriate use of technology in our government. Based upon my experience, I favor the recommendation that the Federal CIO report to the Office of the President. I believe the position will be most effective in this structure. To sum up, these are exciting times. The new Federal CIO for the U.S. Government will have an ambitious agenda in this year 2000 and beyond. Effective use of technology will enable us to work harder, faster and smarter. This is not an end in itself. What counts is what it will enable us to do, and that is to serve Americans better. Thank you. Mr. Horn. Well, we thank you. Those insights are very helpful. [The prepared statement of Mr. Rummell follows:] [GRAPHIC] [TIFF OMITTED] T4562.147 [GRAPHIC] [TIFF OMITTED] T4562.148 [GRAPHIC] [TIFF OMITTED] T4562.149 [GRAPHIC] [TIFF OMITTED] T4562.150 [GRAPHIC] [TIFF OMITTED] T4562.151 Mr. Horn. Our next presenter is Robert D. Atkinson, director of technology & new economy project for the Progressive Policy Institute. Mr. Atkinson. STATEMENT OF ROBERT D. ATKINSON, DIRECTOR, TECHNOLOGY & NEW ECONOMY PROJECT, PROGRESSIVE POLICY INSTITUTE Mr. Atkinson. Thank you, Mr. Chairman, Mr. Turner, Mr. Davis. I was the author of a report that PPI released a few months ago called ``Digital Government, The Next Step to Reengineering the Federal Government.'' In that report we concluded that the single most important thing the Federal Government could do to foster the speedy transition to a digital Federal Government would be for Congress to create the position of a Federal CIO. Therefore, I strongly support the committee's efforts to do this as embodied in H.R. 4670 and 5024. Mr. McClure mentioned in his testimony that when Clinger- Cohen was passed in 1995, that there was a debate whether we should create a Federal CIO at that time, and the decision was no. That may have been a reasonable decision at that time. I'm not sure. I wasn't involved in it then. But it's not now, and the reason for that is there's a saying in the Internet community that the Web changes everything. And I think the Web does change everything in government. And now for the first time--we could not just talk about the notion of functionally oriented government and moving beyond the stovepipes that Mr. Flyzik talked about, but we can do it now for the first time. We have the technology that lets us think about creating customer-oriented government. To do that, though, we need a management system that moves beyond just single agencies, thinking about an IT research from an agency's perspective. And I would argue we need to think about it on two levels. One, as I mentioned, is a functional-based, not agency-based, government. And there are a host of applications that one can imagine. One place for people who are engaged in exporting and importing. In fact, there's a program I will mention, the International Trade Data system. One place for companies to come and find out all the regulations that they have to deal with. One place to find out about education and training resources. One place to find out about health. All of these things can be done on a functional basis. Second, we need to think about an enterprisewide information architecture. There are a whole host of issues with regard to issues of data sharing, data collection, new types of interactive tools, expert systems, information on request systems, data base systems, and other wide-ranging issues which you've mentioned, security, privacy, digital signatures. All of those issues are essentially best handled on an enterprisewide, Federalwide level. Well, I think you've heard some arguments as to why the existing organizational and management system can do this. I would argue that the existing organizational system is really a function of the old legacy system, the old agency-by-agency system, and it isn't suited to doing what we need today. Obviously the proof is in the pudding. Let me mention two things. I don't really see a Federal digital government conversion plan right now. I don't think there is one. I haven't seen it. I think we need to have one to manage the overall resources. Second, let me mention one example of, to me, a very strong effort to do digital government on a functional basis, the International Trade Data system. ITDS was a great idea. It was developed--to take 104 different Federal agencies' programs or bureaus and streamline the collection and reporting of trade data. That system is essentially still in the water. It's not moving anywhere, and Customs has really taken over the charge and is planning to build a proprietary system. And we don't need a proprietary system. What we need is a functional system. And I would argue that if we had a CIO, the CIO's leadership would have been critical in making the ITDS system come about. There's another criticism that the CIO would add a layer of bureaucracy and delay, and that we don't need it because we already have that management system. I think it's interesting, we have 20 States now, or more than 20 States, that have cabinet-level CIOs that report directly to the Governor. In each of those 20 States, they also have their respective OMBs. They have Departments of Administration. They haven't eliminated those Departments of Administration. But what those Governors in the 20 States have realized is that digital government is so important to the functioning, to the mission of the Governor, of their administration that they need to create somebody whose mission it is to solely do that. And I think, Mr. Chairman, you've made that point, that it's not really a question of OMB falling down on the job. It's just that it's not their core mission. We need some institutions where that is the core mission. Last, there is a notion, well, maybe we don't need this because we can do this as single projects. And, again, the notion of Mr. Koskinen and the Y2K czar--and I'll quote Ms. Katzen saying that what was key about Mr. Koskinen was that ``focused attention, captured imagination, and worked with State and local governments and the private sector.'' To me, that's what we need to be doing every day. It's not just a Y2K problem. It's a security issue. It's a privacy issue. It's reinventing our Federal Government. We need somebody who does that as their mission on a daily basis. Let me close by saying this really isn't something that--I think you heard from Mr. Doll that States are doing this. The private sector is doing this. The old model in the private sector was that the person in charge of information technology was down in the bowels of the company buying computers and servicing them and that sort of thing. The new model is that companies are creating CIOs that report directly to the CEO and are partners with the CEO. Let me quote Cisco CEO John Chambers. He recently stated, ``the role of the top information executive has been elevated to that of a strategic partner with the CEO and the CFO.'' Corporations are doing that for a reason because they realize that without transforming their own companies into digital companies, they're going to be left behind in the marketplace. I would argue it's time we need to do that for the Federal Government. Thank you very much. Mr. Horn. Well, thank you. How long is that report that you mentioned? Mr. Atkinson. The report that we issued, very readable, is about 13, 14 pages. Mr. Horn. OK. I would like to put it in the record at this point if I might. Mr. Atkinson. I will submit it. Mr. Horn. Thank you very much. [The information referred to follows:] [GRAPHIC] [TIFF OMITTED] T4562.152 [GRAPHIC] [TIFF OMITTED] T4562.153 [GRAPHIC] [TIFF OMITTED] T4562.154 [GRAPHIC] [TIFF OMITTED] T4562.155 [GRAPHIC] [TIFF OMITTED] T4562.156 [GRAPHIC] [TIFF OMITTED] T4562.157 [GRAPHIC] [TIFF OMITTED] T4562.158 [GRAPHIC] [TIFF OMITTED] T4562.159 [GRAPHIC] [TIFF OMITTED] T4562.160 [GRAPHIC] [TIFF OMITTED] T4562.161 [GRAPHIC] [TIFF OMITTED] T4562.162 [GRAPHIC] [TIFF OMITTED] T4562.163 [GRAPHIC] [TIFF OMITTED] T4562.164 [GRAPHIC] [TIFF OMITTED] T4562.165 [GRAPHIC] [TIFF OMITTED] T4562.166 [GRAPHIC] [TIFF OMITTED] T4562.167 [GRAPHIC] [TIFF OMITTED] T4562.168 [GRAPHIC] [TIFF OMITTED] T4562.169 [GRAPHIC] [TIFF OMITTED] T4562.170 [GRAPHIC] [TIFF OMITTED] T4562.171 [GRAPHIC] [TIFF OMITTED] T4562.172 [GRAPHIC] [TIFF OMITTED] T4562.173 [GRAPHIC] [TIFF OMITTED] T4562.174 [GRAPHIC] [TIFF OMITTED] T4562.175 [GRAPHIC] [TIFF OMITTED] T4562.176 [GRAPHIC] [TIFF OMITTED] T4562.177 [GRAPHIC] [TIFF OMITTED] T4562.178 Mr. Horn. When I was a university president, I had a CIO in 1971, and I began to wonder what's the fuss, folks, we did that 20, 30 years ago on every single decision before the university. He sat right at the management group. And it's about time that we got some focus on that in the executive branch. Now, our next presenter comes with great credentials that we all respect: William Scherlis, principal research scientist, School of Computer Science at Carnegie Mellon University. And Carnegie Mellon has done a marvelous job in working on just the issues that we're concerned about, so we're delighted to have you here. STATEMENT OF WILLIAM L. SCHERLIS, PRINCIPAL RESEARCH SCIENTIST, SCHOOL OF COMPUTER SCIENCE, CARNEGIE MELLON UNIVERSITY Mr. Scherlis. Thank you, Mr. Chairman. Mr. Chairman, Mr. Turner, Mr. Davis, thank you for the opportunity to appear today on this issue of the definition and role of the Federal CIO. My focus in this testimony is on innovation in government information technology. I am emphasizing innovation because I believe that we will not be able to realize the vision of government online, unless there is a new kind of leadership. Nor will we successfully address our security challenges. In particular I support the creation of a Federal CIO within the Executive Office of the President who can exercise positive leadership with respect to multiagency efforts, new kinds of customer-focused services, innovative acquisition processes and appropriate technological and architectural innovation. I'm going to make quick comments on each of these areas, but first the bottom line, which is that the Federal CIO must be empowered to provide this positive leadership. The empowerment should come from direct access to funds, agency funds which are used by the Federal CIO to leverage in order to buy down risk for innovative projects, for multiagency projects, and for exploratory projects. The process would be led by the Federal CIO, but administered and managed in individual agencies by agency CIOs. This would enable the Office of the Federal CIO to be a lightweight operation within the EOP along the lines envisioned in both of the proposed bills, H.R. 4670 and H.R. 5024. Why do we need this positive leadership? We need it in order to respond to several challenges. The first is customer- targeted services and multiagency efforts. Starting and managing a small business, for example, requires an entrepreneur to interact with multiple agencies--in the present regime--and to develop a deep knowledge of the roles and structure of those agencies involved. It would be much more effective to offer one-stop shopping, and this is now being done in many States. The State of Washington, for example, has a superb Web site. This kind of one-stop shopping is also offered through emerging Federal sites, such as seniors.gov, students.gov, fedstats.gov and many others. These sites illustrate the value of real customer focus, but they also demonstrate, in the way that they are managed the challenges of real cross-agency interaction. An important role for a Federal CIO will be to lead in defining these areas of customer focus and in forging partnerships among agencies to enable better targeting of services. These are aggregations of services that go beyond a simple bundling of the stovepipes that we've been talking about. The second challenge is the rapid evolution of technology. Moore's law shows no signs of being repealed. Software is becoming the principal building material for competitive advantage in many sectors, ranging from health care to banking and other sectors. As you know, the Federal Government has a principal role in long-term innovation in information technology starting as early as the 1890 census with Hollerith's punched cards. I am presently chairing a National Research Council committee that is looking at advanced information technology in government. We've issued two reports on crisis management and Federal statistics identifying a number of long term technical challenges. We are completing a final report that is more broadly focused and that addresses some of the issues that we are considering today. Mission agencies with organic research capability have developed a culture of IT innovation to help ensure that their special needs are addressed over the long term and also that they can respond rapidly to new challenges, for example, in the security area. A Federal CIO could help create this culture of innovation throughout the government. A third challenge is the overall mechanism by which we undertake and manage IT acquisitions. Consider the case of a major Internet portal--commercial or governmental: Requirements are unlikely to be fully clear at the outset. The underlying technologies are evolving rapidly. And the capability, once we deliver it, will need to continue evolving rapidly. The security environment, for example, is complex and continually changing. Although I am not an expert in acquisition processes and regulations, it is clear that the present mechanisms and culture remain oriented around what is called the waterfall model. This model is not well-adapted to experimentation or prototyping or other forms of focused, careful risk-taking. Program managers often seem to resist the use of more aggressive acquisition models including those already available in the Clinger-Cohen Act; for example, modular acquisition and the use of commercial off-the-shelf components. Why? Because they have strong incentives to meet schedules and costs--to make these as predictable as possible and risk at a minimum-- even when it comes at a cost of overall capability, flexibility, interoperability, and other less easily measured attributes. The Federal CIO should have a major role in helping agency CIOs structure incentives--and regulations where appropriate-- to facilitate risk-managed acquisition processes. My written testimony addresses several other areas where this Federal CIO could provide this positive leadership. I would like to conclude by saying that I support the concept of a Federal CIO who can provide this positive leadership and who can catalyze effective--and pervasive-- government response to both the challenges and the opportunities of delivering government online. Thank you very much. Mr. Horn. Thank you very much. We appreciate--I would like to have a definition before we leave you of the waterfall concept. Is that when you put somebody in the barrel, and they go over Niagara Falls? Just so we can get bureaucracy cleared up today because we will have two asterisks that I've gained. So I do not regard this as something I have cared not to do. I am very interested in doing it, and you have all been memorable. So it will be the Scherlis law and the Flyzik law. Tell me about the waterfall. Mr. Scherlis. The waterfall model is a term that refers to a traditional step-by-step acquisition model. First a process is undertaken to initially formulate a precise definition of the system requirements. This is a process that sometimes can take years. After this is complete, then contracts are let and development processes are undertaken, followed by test and evaluation and ultimately delivery. But by the time the capability is delivered, the world has evolved and the requirements have changed, even assuming they were correctly identified at the outset. That's the waterfall model. It is a model that works well only for classes of systems that we have already developed successfully. It does not work well for systems that have even mildly innovative character. Mr. Horn. Having spent part of my life for 22 years at one university, I now think that even the Federal Government looks efficient. But I think you would agree on that. Things take a lot longer in the university. OK. Our last presenter and one individual who is very well known to this committee, and we appreciate all he's done for this subcommittee over the last 5 to 6 years, Dwight Ink is President Emeritus of the Institute of Public Administration. He was a former Assistant Director for Executive Management in the Office of Management and Budget from 1969 to 1973. A highly respected civil servant, he was taken by various Presidents to clean up this agency and that agency and another one. So we welcome your thoughts, Mr. Ink. You've got--I will give you 6 minutes. STATEMENT OF DWIGHT INK, PRESIDENT EMERITUS, INSTITUTE OF PUBLIC ADMINISTRATION, FORMER ASSISTANT DIRECTOR FOR EXECUTIVE MANAGEMENT, OFFICE OF MANAGEMENT AND BUDGET (1969-1973) Mr. Ink. Thank you, Mr. Chairman, Mr. Turner and Mr. Davis. It's a pleasure to be here. By the way, I didn't think the waterfall approach ever worked very well. In summary, I believe the sponsors of these bills are correct in searching for ways in which to strengthen the information technology leadership capacity of our government. I do not believe these bills, however, provide the best way of achieving those goals, and, in fact, I think they may weaken what the sponsors are trying to accomplish. I would also urge that the committee look at this issue as well as others from the total Presidential perspective and the total congressional perspective rather than just IT. Otherwise I think we contribute to further growth of a stovepipe approach to government. First, as was said at the beginning of these hearings, IT certainly should be regarded as an integral part of the agency administrative and program activities. It is really the glue that connects everything else people do in government. So one of our goals, it seems to me, should be to search for ways to better integrate information technology with other management and program activities. I believe establishing a Federal Chief Information Officer that is freestanding and separate from other elements of management leadership will work against the need for integration. I also have some questions about the feasibility of some of the separation that is contemplated. For example, there are several paperwork reduction functions that are transferred out of OMB to this new office, and yet the basic tools for dealing with red-tape-cutting remain in OMB. So if these bills are passed, the leadership for cutting red tape is divided between two agencies, and I think that tends to result in nibbling at problems rather than reforming government processes. I think that fragmenting central management responsibilities inevitably creates unnecessary burdens for the agencies. Again, this is part of your stovepipe problem that was mentioned earlier. I believe this separation not only weakens IT over the long haul, it weakens other management functions. In my view, the more we establish organizational barriers among different fields of management, the less one area will benefit from the other, the less synergistic value we gain, and the more we handicap the President and the agencies in modernizing government. I would also ask the question if it should be regarded as necessary to have a freestanding IT unit in the Executive Office of the President, should we not do the same with respect to financial management, an extremely important area? What about procurement? What about program management? Everyone wants to be independent and report to the President, but in my view, this is the road to confusion, higher cost, managerial chaos and, again, stovepipe government. I do not see the freestanding IT office as having the capacity to provide the strong leadership that I know Mr. Davis, and Mr. Turner are seeking. People tend to assume that any office that reports directly to the President, especially if they are within the Executive Office of the President, has muscle, but this is simply not true. I know. I've been there. In fact, it is difficult for any organization to gain sustained attention on management issues because there are so many competing pressures within the Executive Office of the President. The OMB uses the leverage of the budget to help on issues directly related to the budget, but other management issues have great difficulty in competing with the budget pressures in OMB. A freestanding IT would have not even the budget leverage. In discussions about a separate Office of Management which have taken place in this committee, we've listed a series of elements of that office which we believe are absolutely necessary to provide the leverage needed to provide effective leadership on behalf of the President. I don't see any of those levers present in this separate IT. Without these levers, an Office of Management, I think, would not be wise, strongly as I support the concept. I believe a more narrowly based, freestanding IT would be even more impotent. Even with a structure separating these two, there would have to be some relationship to OMB. But who would coordinate IT and OMB? I mentioned other problems in my testimony. Although I do not support a freestanding IT, I do agree with the sponsors that it is desirable and, very important to take steps to enhance the IT leadership structure. This is one of the reasons I support the Office of Management which has been under consideration by this committee. The OMB leadership is hard pressed by complex annual budget and economic issues, and its leadership simply does not have the time to provide the focus and the energy that IT leadership requires in this day and age. An Office of Management would provide this leadership focus. It would provide the integration, and avoid the fragmentation of an isolated IT office. In summary, I believe an Office of Management, given the necessary leverage, would be a much better solution to what I agree is a need for greater IT leadership capacity. It would have the leverage and avoid isolating IT from other components of management leadership. Though I think these bills would have unfortunate unintended consequences that would run counter to the intent of the sponsors, I do agree with the sponsors on the need for change. I just think there's a better way to achieve their objective. Thank you. Mr. Horn. Thank you very much. [The prepared statement of Mr. Ink follows:] [GRAPHIC] [TIFF OMITTED] T4562.179 [GRAPHIC] [TIFF OMITTED] T4562.180 [GRAPHIC] [TIFF OMITTED] T4562.181 [GRAPHIC] [TIFF OMITTED] T4562.182 [GRAPHIC] [TIFF OMITTED] T4562.183 Mr. Horn. That's very helpful testimony, and I can tell you've--given the preciseness within your paper, that you've spent a lot of your life on trying to get to the essence of a problem. So we're grateful that you've come from various States where you're now living and giving us some wisdom. So we thank you. We now have the questioning. The gentleman from Texas Mr. Turner, 5 minutes for questioning, and then Mr. Davis. Mr. Turner. Thank you, Mr. Chairman. We appreciate the testimony that each of you has given us, and I think it is apparent to us that every witness on the panel, perhaps with the exception of Ms. Katzen and Mr. Ink, have advocated a Federal CIO. We all respect that there is a clear issue we must correctly address as to how it should be structured. That is not to say that we should not address it within the context of the remarks Mr. Ink made. And I know Mr. Ink has been an advocate of separating the Office of Management and Budget into two entities with a Director of the Budget and a Director of Management, but it does seem that at least as we look to the private sector, the private sector has recognized the importance of having a chief CIO who works with the CEO and the CFO. I might ask, Mr. Scherlis, if you wouldn't mind commenting on the CIO in the context of the remarks Mr. Ink made as to where you think the structure should be in order to perhaps accommodate the kind of concerns that we just heard expressed from Mr. Ink, who definitely has a vast experience in the Federal Government. Mr. Scherlis. I enjoyed and appreciate his remarks, but I am unfortunately not familiar with the recommendations that were voiced here earlier concerning the concept of a separate Office of Management. But pertinent to the issue is the recent report released by the President's IT Advisory Committee on August 31 concerning transforming the government through information technology. It recommends creation of a new office within OMB called the Office for Electronic Government [OEG], with strong senior leadership. Although the concept of the Federal CIO is not explicit, the recommendations that we're talking about today are consistent with the recommendations of that report. The reason for separating the OEG from the OIRA within OMB is to create a focus of positive leadership that is separate from regulation and policy. There are many roles that are now being bundled together in one organization, and some separation of those roles is appropriate. On the basis of comments of Mr. Ink today, I believe that the recommendations that I've voiced are consistent with his comments. Mr. Turner. Mr. Atkinson, do you have an observation here? Mr. Atkinson. Yes, The major point I would want to stress after listening to Mr. Ink's comments is that information technology is fundamentally different. This is to me the central mission, the central challenge facing the Federal Government today, and it will be the central challenge for this decade, just as when we made this last major transformation from an old economy to a new economy back in the 1930's and 1940's, and we created all new management structures in the Federal Government. I think this is just as equally a major transformation. This is about creating a fundamentally new economy, a digital economy, and it's creating a fundamentally new type of government. And I don't think that the existing structure of OMB or even in the Office of Management is suited to do that because the key to all of this is digital reinvention, and I think the core of that has got to be someone who is a CIO, who has that as their sole mission. The second point would be I think Mr. Ink mentioned we need to think beyond IT. I couldn't agree more. We need think beyond IT. That's why I think the CIO--if the CIO is just a glorified computer systems manager, then we won't think beyond IT. But if you think where the States are, most of the States' CIOs, when you listen to what they have to say, they're the ones that are arguing--all their language is about cross-cutting applications, breaking down barriers between bureaucracies and agencies who don't want to do that. And I think that's why the CIO is central to making all this happen. Mr. Turner. Mr. Rummell, I would like to hear your comments on it. I heard you say at the beginning of your testimony you've been working in the IT field for 30 years. One of the things I see lacking today in OMB is anyone with the background, the experience, the expertise to really move us forward aggressively in IT, but perhaps you would have some comments to share on the subject? Mr. Rummell. First of all, when I started with the Federal Government of Canada, I went on a whistle-stop tour of the departments and talked to the heads of the departments and agencies and the heads of the technology function of the departments. And I asked them what they were looking for from me as the new CIO for the government, and they said to me, leadership. And that surprised me, being in the land of leaders, because I suspected that all these people were leaders by themselves, but they really were looking for my leadership. They also were looking for us to provide the strategic direction; that was an overall context to take it from a 50,000-foot elevation right down to ground level, and provide direction with large projects that were in trouble, to provide for e-government initiatives to coordinate and deliver services, and from the things that we put into place, we made a lot of progress. There was a lot of frustration. We really provided focus, and I think we provided a very solid operational plan, and I think that's what I was able to accomplish is that focal point. Mr. Turner. Thank you. Mr. McClure, when you look at the existing structure of OMB, is there anyone there who by education or background is uniquely qualified to fill this role today or--and I guess I might ask you is there anyone over there who has that as their sole responsibility? Mr. McClure. No. I think that highlights the concerns that I raised in my testimony, Mr. Turner. The Deputy Director for Management created by the CFO Act wears many, many hats, both the Chief Financial Officer, general management functions, statistical policy, procurement. The list is quite long in terms of overall management responsibilities of the Deputy Director for Management. Similarly in OIRA, the OIRA Administrator is really focused heavily in terms of resources on information collection requests, on burden reduction reviews and on calculating the cost and benefits from Federal regulations. So a lot of the staff in OIRA are focussed on these issues as opposed to the IRM or IT issues. So as a result we don't have someone in OMB full time focused, I would argue, on some of these important IT issues. Mr. Turner. Thank you. Thank you, Mr. Chairman. Mr. Horn. The gentleman from Virginia Mr. Davis. Mr. Davis. Thank you. I also want to extend my thanks to all the panelists. Mr. McClure, let me go back and ask you a question that I asked Ms. Katzen earlier. I asked if she could describe the leadership role that OMB has displayed in the past in defining--in managing interagency items. I am not just speaking of money items, but managing IT resources. How do you think OMB has kept track of those initiatives so that responsive decisions could be made when projects aren't working and should be halted or when a new direction should be taken? Mr. McClure. Mr. Davis, I think since the passage of Clinger-Cohen, to its credit OMB has certainly stepped up to the plate with some specific guidance, better guidance in many areas, for the agencies, in architecture, investment control, capital planning. We've worked actually with OMB in revising some of the guidance. I think the question for OMB is how to use the information that results from that new guidance to make really tough decisions about stopping, delaying, canceling or even accelerating good Federal IT programs, and that, I think, is where the jury is out. The fortitude of OMB to be able to step up to the plate and stop projects has not always been clearly demonstrated, in our opinion. Mr. Davis. Mr. Flyzik, let me ask you a question. Can you give me any recommendations that have been made by the CIO Council that have been implemented by OMB? Mr. Flyzik. What OMB has been doing with us, sir, is working to facilitate our recommendations. We do have a whole list of things that we have moved on, and moved quite quickly on. We have a whole lineup of interagency activities. The FirstGov project comes to mind; our public key infrastructure in the bridge certificate authority that enables digital signatures to really happen; the Access America series, Access America for seniors and students. We have a number of wireless initiatives. We have the Federal Commons Project, the Enterprise Project. They are supporting us on the concept of ITPS, or the information technology portfolio system, which will give us a common platform for building IT portfolios across government. The OMB role has evolved to one that I think has been working well. In the beginning, I guess, the Council went through kind of a bonding process, trying to figure out who we are and what we're going to do. I think we've moved over time into more of a leadership role where OMB is giving us support to move forward on projects and is listening and working with us. Mr. Davis. So as far as information resources management goes, you think that OMB is handling this, this statutory authority, is handling it well? Mr. Flyzik. I think it's evolving well under the guise of Clinger-Cohen. I do believe we're moving in a very, very positive direction. OMB is supporting us. As you're well aware, the Council does not have authority to issue policy. OMB does. What we do is we've been working with OMB in situations where we need policy guidance. Mr. Davis. Right. But can you give me a specific recommendation that you've made to them? Mr. Flyzik. We have Internet use policy. We're working on privacy policy now. We have a dialog ongoing on our Internet privacy issues and a number of things along those lines. Mr. Davis. Mr. McClure, do you have any observations on that? Mr. McClure. I think, as I said earlier, I agree with Mr. Flyzik that the role of OMB has changed under the recent passage of laws. They had tremendous responsibilities for not only issuing guidance, but also oversight responsibilities for major IT projects in the Federal Government. So, again, I return to the point, OMB should not be totally focused on justification for projects in the Federal budget. It also should play a role in stepping up and helping control projects that are out of line in terms of cost, schedule and performance. And in that area, again, I think that the track record is not what we would like to see it to be. Mr. Davis. Mr. Doll, let me ask you a question: In States where the CIO has multiple bosses, reports to one or more cabinet secretaries, what's their experience in achieving an integrated and coordinated information resources management policy? Mr. Doll. Where States' CIOs deal with multiple entities to get the job done, because of the typically high level, whether it's to the Governor's staff in addition to some council, or other entity that controls, again, it's a statewide implementation and application of technology across the State. And I think that's truly what the key is, because unless they're inserted at a level in the organization that's looking at IT as an entity in a field that helps make vision reality, then that's where they can have impact. Most States have put IT up there with human resources, financial management, administration, services that are used to make the vision of a Governor happen. And whether that is put through some committee or some special commission that a Governor has established or to the Governor directly, it's really that orientation of saying that to make the vision of education, whether that may be in a State or make the vision of economic development happen, that what you're trying to do is align this information technology world to see that as a reality. Mr. Davis. Mr. Atkinson, let me ask you a question: You make a strong case for the need for a strong centralized leader to achieve a digital Federal Government. What, in your opinion, are the flaws in current structure placing IRM responsibilities with OMB? Ms. Katzen seems to conclude that instead of a Federal CIO, OMB should have a strengthened role. How do you respond to that? Mr. Atkinson. Well, I think a major reason I would say that, is that I don't think that would achieve what you all are wanting to achieve and others are wanting to achieve. OMB is responsible, as Mr. McClure mentioned, for so many other things. And I don't think it would give the leadership that, for example, Ms. Katzen provided on the Y2K issue where it is much broader than that. Let me just mention another example. A lot of what I think digital government is about frankly is the details. And let me just mention one--Students.Gov--which is a portal for students. It's a very good effort, it's a great effort, and the people who developed it should be commended. The problem is with Students.Gov, though, it's what other agencies are doing. For example, in the Department of Education, they have their own Web site designed around students. On Students.Gov, you can apply for a student loan online. On the Department of Education Web site, you can't apply for a student loan online. There's no link back to Students.Gov. I can give you many more examples like that. What I think they're a reflection of is agencies doing their own thing. Even when they can get together with a portal like Students.Gov, you still have agencies doing their own thing. That's why it requires centralized leadership--will drill down into that level of detail to make it a much more coordinated system. Mr. Davis. Thank you very much. Mr. Chairman, I yield back and thank the panel for their indulgence. Mr. Horn. I thank the gentleman. And I don't believe the gentleman from Texas has any more questions. I have just one or two. And Mr. McClure, I don't want to put you on the hot seat, but the question is this: Of the two bills being considered, which one is closest to what you would consider to be a Federal chief information officer's role, responsibilities and empowerment as far as GAO feels is their recommendation? Mr. McClure. The seat is very hot, Mr. Chairman. Especially with both members present. Mr. Horn. I don't know how it's going to come out either, but I thought we'd like your views on it. But you did a great report there. Mr. Davis. We're not taking names. Mr. McClure. I just want to reiterate that both of them have positive characteristics. There's no reason why things that are in both bills could not ultimately be combined or considered together. I think the real question is whether this position is inside or outside of OMB. That seems to be the drawing distinction. There are clear advantages for having the CIO outside of OMB and contained within the executive branch. Because of many of the reasons that we went over today, it avoids the problem of multi-hatted responsibilities within the Office of Management and Budget. Having said that, it also creates, as many people have said, tremendous risk in that you're removing that budget lever from the chief information officer. I don't think that's necessarily true and it's certainly not true in private sector and public sector CIOs who do not have budget control either. They simply have to come to the table and work with those individuals that have budget control and the two combined can pull that lever. And I think that's the attraction that these bills have is they free up time for somebody to focus full time on such issues like electronic government and security at a time desperately where we need that kind of attention. It also allows them to sit at the table with the Director of OMB and have some very frank input on some budget directions and budget control. So I think, again, I've avoided answering directly, but I think that's the positives that I see in both bills. Mr. Horn. Mr. Doll, if I might, let me try this question out on you, and you probably don't have the answer, but maybe you do. A number of Governors change every once in a while based on the election. Have you found that the chief information officer of a State is carried on by another Governor, or do they have to sort of be partisan in relation to the Governor? What's your sort of off-the-top-of-the-head view of that. Mr. Doll. Well, to give you a scope, we've lost 16 CIOs this calendar year for one reason or another. Most going to the private sector. A number of those tied to the fact that this is the last year of the Governor's term. So we expect in the future that you will get this turn over. I think it's critical that the CIO be aligned to the Governor so that his or her vision can be carried out. And not someone who as you mentioned, will be able to sort of pass from administration to administration. Yes there is value in that, but the rest of the civil service below that level is typically there year after year, term after term. The key part to us at least in talking with my colleagues is making vision reality and applying information technology to that. And you have to be close and have the same orientation as that Governor to be successful in my mind. Mr. Horn. Mr. Rummell, I really have the same question in relation to the Canadian Government. When there were turnovers, did the CIOs in the agencies change or what? Mr. Rummell. There have been changes, again we've kept the same government so there haven't been political changes. There certainly have been no new CIOs appointed or rotated based upon the changes in the heads of agencies. I guess one of the other things that we had too, if I could make another comment, that was a terrific feature started in our government was agency heads would meet at a committee on information technology issues. They took a role of very active sponsorship and met at least once a month for 1 to 2 hours, and discussed cross- cutting IT initiatives across the agencies and departments and the Canadian Government, and that really raised the level of sponsorship for the CIOs and for initiatives that were providing overall services to the public. So that's where I think we were also able to make a difference. Thank you. Mr. Horn. Well, thank you. I want to thank this panel. Mr. Ink. Mr. Chairman, could I make one rebuttal comment? Mr. Horn. OK. Mr. Ink. I think the States provide excellent ideas, excellent examples in many areas of governmental activity. You look at welfare reform, for example, they were well ahead of the Federal Government. And I think in terms of information technology, as it relates to the delivery services, States have a lot to offer. But I wanted to tell you there is a tremendous difference between operations within a Governor's office and that within the President's office. The leap in terms of pressures and the difficulty of having a workable base which will provide the strength for leadership is entirely different. Look at the West Wing program. I was thinking yesterday about the daily meetings I used to participate in with the top White House staff. Had I had responsibilities for only information technology or only procurement or only financial management, I wouldn't have been there, much less have had a voice at the table. Separate IT isolated from these other responsibilities will not have a voice at the table. Much as people might wish it otherwise, I think that's the fact of life, that's the way the President's office functions. Mr. Horn. Well, we thank you for that. We thank you also for coming on less than 24 hours' notice. And---- Mr. Ink. Much less. Mr. Horn. Much less. I think all of your testimony has been very helpful and I'm grateful to you. I think some of the charts all of you provided was also very helpful. Staff on both sides might wish to have some questions sent out to you, and if you would take some time and give us a couple of answers, we'd like to put them at this point in the records if there's some we've missed or there's something you'd like to get on the record. But right now I'm going to thank our staff who put all this together: J. Russell George, staff director, chief council of the subcommittee; gentleman to my left, your right is Randy Kaplan, council to the committee, and he's worked on this particular hearing; and yesterday Ben Ritt, professional staff member on loan to us from the General Accounting Office, which always has good people and we're glad to use them; Bonnie Heald, director of communications; Bryan Sisk, clerk; Elizabeth Seong, staff assistant; George Fraser, intern; and from Mr. Turner's staff, Trey Henderson counsel, he's on his right; and Jean Gosa, minority clerk. And Mr. Davis' staff, Amy Heerink, we know how good she is on a lot of these things, and Melissa Wojciak. Then our court reporters are Julie Thomas and Colleen Lynch, and we thank you very much. And we adjourn the meeting. [Whereupon, at 12:16 p.m., the subcommittee was adjourned.]