2154 Rayburn House Office Building
Thank you Chairman Meadows and Chairman Hurd, Ranking Member Kelly and Ranking Member Connolly, and members of the subcommittees for the opportunity to appear before you today to share the Department of Homeland Security’s progress on implementation of the Federal Information Technology Acquisition Reform Act (FITARA). I would also like to thank you for your continued support, governance, and commitment to achieving the goals of FITARA.
FITARA at DHS
DHS’s mission is to safeguard the American people, our homeland, and our values. Almost every mission and operator under our direction relies on Information Technology (IT) to enable and enhance performance of their critical duties – and this reliance is increasing every day. There are more than 650 major applications and approximately 4,000 total IT systems operating today within the DHS environment. Therefore, for DHS to continue to successfully carry out its mission, we recognize the need to be at the forefront of advancements in IT.
DHS has leveraged FITARA implementation to facilitate positive change within the Department. As Chief Information Officer for the Department, FITARA gives me the authority to weigh in on IT projects much earlier in the budget cycle— when it matters most— while also enabling a clear line of sight across all phases of IT implementation. As DHS continues to institutionalize FITARA, I am confident we will see even greater improvements.
To ensure a comprehensive, deliberate, and lasting application of FITARA principles and practices, DHS utilized a phased implementation approach. In 2015, we laid a substantive foundation through planning, which we followed with rigorous implementation in 2016. We anticipate continued results in 2017 that we will capture through a variety of performance measures.
2015 – Planning Year
In 2015, DHS took the following steps to begin planning for FITARA implementation:
SOPs, Self-Assessment Report, Critical Analysis
As I previously mentioned, 2015 was a planning year for FITARA at DHS. From April to August 2015, the DHS OCIO (Office of the Chief Information Officer) reviewed relevant policy documents pertaining to FITARA requirements, supporting Standard Operating Procedures (SOPs) and process artifacts pertaining to Common Baseline practices. The culmination of this effort was a comprehensive self-assessment report and implementation plan submitted to OMB in August 2015 that indicated how well DHS aligned to each core FITARA requirement, identified current gaps, and crafted an action plan outlining how DHS proposes to ensure that all FITARA requirements are fully executed.
In addition to ensuring that DHS complies with FITARA, the DHS FITARA Implementation Team helped drive critical analysis of existing activities that impact how IT investments are selected and managed throughout the agency. This analysis identified needed changes and improvements to expand DHS CIO visibility and oversight to address short- and long-term objectives.
Revised IT Strategic Plan
The DHS Information Technology Strategic Plan 2015-2018 was updated in January 2015, laying out the Department’s progressive IT vision, which were ultimately in strong agreement with the goals and objectives of FITARA. With many FITARA principles already in place, the updated DHS IT Strategic Plan is a reflection of our ever-evolving mission challenges and DHS’s coordinated effort to integrate people, processes, technology, information, and governance in a way that efficiently and effectively supports stakeholder needs.
2016 – Implementation Year
This year—2016— was a year of FITARA implementation at DHS. Building upon the many FITARA principles already in place, we entirely changed our approach to doing business, developed FITARA performance metrics, and conducted software acquisition pilots. Our FITARA implementation included the following improvements:
New IT Business Model
DHS OCIO conceptualized a new, customer-centric IT business model, which was implemented in 2015 and brought about initial results throughout 2016. When FITARA was passed, DHS’s new model aligned well with its intent. FITARA promotes government savings and efficiency in the procurement of IT through greater visibility and CIO engagement. The consistent demand for rapid delivery of new technologies, coupled with fewer resources and dollars government-wide, prompted the transformation of the DHS IT business model from an “own and operate” legacy approach, to a services-based, customer-centric IT business model. Rather than build our own products, we began to take full advantage of emerging technologies from multiple sources, and develop strategic partnerships with our internal lines of business and industry. This was made possible through the active role the CIO plays in IT capability development and execution.
To lead DHS through the FITARA transformation, we began by strengthening the Office of the Chief Information Officer (OCIO) through a realignment. The Office of the CIO now has two Deputy CIOs, a Chief Technology Officer (CTO), and a Digital Services Team. The Principal Deputy ensures that programs and selected investments are aligned with the DHS IT strategy and the Homeland Security Enterprise Architecture for a unified, efficient and effective use of resources as we build and transform our IT capabilities. The second Deputy CIO has full responsibility over IT operations and service delivery, with the goal of improved procurement and delivery of IT services that ultimately support mission operations across the Department. The CTO is charged with developing the capacity for continuous innovation and improvement across the Department and engineering the “digital transformation” of DHS: leveraging technology, data, and design to optimize operational processes, re-imagine user and customer experience, and empower and engage employees. DHS has also created a Digital Services Team to play a key role in this transformation effort; particularly, how DHS delivers critical IT services to the public and to mission operators.
U.S. Digital Services Playbook
To allow the Department to focus our delivery on driving value to the mission for users at all stages in the lifecycle, the DHS CIO community has adopted the U.S. Digital Services Playbook methodology in support of the OMB Digital Services Playbook. DHS must ensure we are leveraging today`s technologies; meaning using open source, cloud, and automation wherever appropriate. The Digital Services Playbook provides a program with proven strategies to increase our agility and flexibility in today`s evolving IT field.
OCIO’s Office of the Chief Technology Officer (OCTO) has initiated the software acquisition pilots to improve the acquisition of IT programs. The five programs selected for the pilots were at different stages of development and are now utilizing “Agile” methodologies. These pilots will help the Department define best practices and improve IT acquisition policy and processes.
IT Training/FITARA Staffing Model
DHS is leveraging the implementation of the FITARA to support the new business model through the required assessment and training of the IT workforce. We have made significant progress toward IT workforce goals through collaboration with the Office of the Chief Human Capital Officer (OCHCO). Efforts are underway to identify gaps between current and future skill needs to ensure employees are trained. Additionally, the DHS FITARA Implementation Team established a staffing model that, once finalized and socialized, will provide direction on the staffing needs for FITARA across DHS HQ and the Components.
Recruitment (DHS Cyber and Technology Hiring Fair)
While these gaps are being assessed, the Department is also looking at attrition rates and working to recruit and retain staff with critical skillsets. On July 27 and 28, the Department’s CIO, Chief Human Capital Officer, and Chief Security Officer communities partnered with the U.S. Office of Personnel Management Human Resources Solutions (OPM HRS) to support the first-ever Department-wide Cyber and Technology Hiring Fair in the National Capital Region, where DHS demonstrated the various high-profile and cutting-edge job opportunities available. The event was intended to recruit, assess, and select talented individuals for multiple mission-critical positions, and DHS was able to achieve significant economies of scale as well as substantial reductions in time-to-hire through this recruiting event. This two-day event generated more than 14,000 applicants, 2,500 walk-in candidates, and 842 onsite interviews. As a result, the Department made more than 400 prospective job offers. Of this number, over 120 candidates became new employees within sixty days.
CIO Certification of Programs, DHS Agile Instruction and Guidebook, DHS Agile Center of Excellence
DHS has developed OMB guidance on the adoption of an incremental software development methodology and iterative delivery of useable functionality across our portfolio of IT investments, programs and projects. To further comply with FITARA requirements, we are developing a process to provide CIO certification that investments are using incremental development in accordance with the aforementioned principles.
We also published the DHS Agile Instruction and Guidebook in FY 2016, which establishes Agile as the preferred development approach for all IT programs and projects, and we are in the process of implementing it across the enterprise, where appropriate. To support the DHS Agile Instruction and Guidebook and our implementation of Agile, we established the DHS Agile Center of Excellence (COE). The DHS Agile COE provides DHS program and project managers with guidance and resources to successfully support the implementation of Agile IT development.
FITARA Metrics/Performance Measures/FITARA Implementation Maturity Model
DHS has recognized the need for establishing performance measures to demonstrate the improvements generated by FITARA-driven changes. As such, the OCIO has outlined a third phase of the FITARA implementation approach that is focused solely on the development of measures to assess performance and outcomes. DHS is currently participating in a Federal-wide working group to identify FITARA performance metrics and is one of the lead organizations in this important effort. In addition to measuring the impact of FITARA, the Department is developing a FITARA Implementation Maturity Model to measure the implementation of the various processes within DHS Components.
2017 – Results Year
In 2017, we will continue to reap the benefits of the Department’s concerted FITARA planning and implementation efforts in 2015 and 2016. We will release an internal DHS FITARA Scorecard that will enable us to closely track FITARA implementation, and we believe it will reflect the emphasis we have placed on successfully integrating CIO visibility and oversight of IT across the DHS mission space.
DHS FITARA Status (successes and challenges)
DHS has launched efforts on multiple fronts to improve the management of IT acquisitions as well as existing IT systems, positioned itself as a leader in various efficiency initiatives, and stood up the Joint Requirements Council to evaluate high priority, cross-departmental opportunities as part of the Secretary’s 2014 Strengthening Departmental Unity of Effort initiative. The Department will sustain its commitment to successfully implementing FITARA through the practices outlined below:
Data Center Consolidation/Optimization We will continue our consolidation efforts in FY17, having consolidated and closed 41 of 102 (40.2 percent) non-core data centers per the Federal Data Center Consolidation Initiative (FDCCI) inventory. The Department’s additional planned consolidation of legacy data center sites will be supported by remaining DHS migration funding.
In response to the August 1, 2016 OMB Data Center Optimization Initiative (DCOI) guidance, DHS is working to optimize data center investment via the DHS Enterprise Computing Services (ECS) concept of converged infrastructure. ECS is a Department-wide contract vehicle designed to establish a portfolio of Blanket Purchase Agreement(s) for commercial, commodity-based Infrastructure-as-Service (IaaS) cloud services on an ongoing basis. This acquisition provides access to IaaS cloud services, either directly from cloud service providers or through their GSA re-sellers. DHS awarded the Cloud Computing Services contracts on November 30, 2016. The award was made against the GSA Federal Supply Schedule 70 – Electronic Commerce and Subscription Services and Cloud Computing Services.
Risk Assessment Transparency
DHS is in compliance with FITARA for conducting and submitting risk assessments for its major IT investments. Additionally, if any of the Department’s 92 major investments rate as high risk for three consecutive months, the OCIO conducts “TechStats” aimed at identifying and addressing the root causes of risk. DHS also performs a comprehensive and collaborative Technical Assessment geared toward reviewing investments’ planned technologies, to include an evaluation of the technical maturity of the technology, manufacturing capability, and technical risks. This Technical Assessment is performed early in the acquisition life cycle before CIO approval is granted for a program to procure a technology.
Areas for Improvement
While the Department continues to head in the right direction, we recognize that there is still work remaining to achieve full implementation of FITARA and the goals it was intended to support.
OCIO is in the process of reaching out to each major program (and supporting programs and projects) to determine whether they are using an incremental methodology for any software development activities, and we will provide appropriate guidance, gap assessment, or other resources to promote incremental development, as appropriate.
IT Portfolio Review Savings
In the five years since DHS implemented PortfolioStat in August 2012, we have realized $1.5 billion in cumulative savings as of the end of FY2016. This includes $1.2 billion in actual reductions in spending below projected levels and $0.3 billion in cost-avoiding changes in business processes. DHS’s realized savings are triple the original savings projections of $504 million. We pursued savings by implementing an enterprise approach to the delivery of IT services that actively leveraged strategic sourcing and shared services.
As we begin the next five years, DHS is focusing on adoption and implementation of multi-provider and commercially-provisioned enterprise computing options to rapidly accelerate the maturing of the Federal Cloud Computing Initiative (FCCI), the Federal Risk and Authorization Management Program (FedRAMP), and recent mandates including the FITARA and the Data Center Optimization Initiative (DCOI). This will provide DHS with additional alternatives to increase secure information sharing and collaboration, enhance mission effectiveness, and further reduce the total cost of information technology ownership, operation and sustainment.
DHS looks forward to working with Congress, the Government Accountability Office, and other Federal stakeholders to continue to reduce costs and increase the value of our IT acquisitions through effective and efficient implementation of FITARA. Thank you for the opportunity to share our progress; I am happy to answer any questions that you may have.