Rep. Ted Lieu, D-Calif., has a unique take on Federal IT. That’s because he’s one of just four members of Congress with a degree in computer science. The congressman likes to joke that he’s a “recovering computer scientist,” but his background gives him credibility when he discusses issues like two-factor authentication or IT innovation.
That’s also why Lieu is one of four co-chairs of the Cloud Computing Caucus Advisory Group (CCCAG), along with Reps. Gerry Connolly, D-Va., Barbara Comstock, R-Va., and Mark Walker, R-N.C.
The CCCAG recently caught up with the congressman following its Oct. 6 meeting, “Beyond the Breach–A Secure Cloud Environment,” to discuss his ideas for improving Federal IT, the Federal Information Technology Acquisition Reform Act (FITARA), and giving Chief Information Security Officers (CISOs) more authority.
CCCAG: How would you characterize the quality of the IT that you use every day on the Hill? I wonder if it’s an example of the outdated IT the Federal government is generally known for using, or if it’s more modern.
Lieu: The quality of IT is often a function of the available funding, and the Hill is no different. As a freshman member of the House of Representatives, I can’t compare it to what was here before I arrived. Like everywhere else in government, we have had to do more with less as office budgets have been cut. I have no complaints about our office computers with the exception that we can’t use Skype.
CCCAG: Let’s talk about the bigger Federal IT picture. You’ve discussed the three things you believe need to change in Federal IT. The first is the need for IT upgrades. That’s very broad. Without discussing cloud computing–because we’ll get to that next–name three IT upgrades you believe the Federal government needs to make and describe how those changes would help?
Lieu: There are three areas where the Federal approach to IT could improve:
1) Upgrading legacy systems. Every Federal system using COBOL or other archaic programming language needs to be replaced. COBOL was never designed for a 21st-century world with issues such as cyber threats, remote and mobile applications, and cloud computing.
2) Upgrading security. Every agency needs to institute two-factor authentication. This change makes it more difficult for hackers to access Federal computer systems and databases.
3) Ensuring interoperability. Agencies should move toward more interoperability between systems. For example, it is ridiculous that the Department of Veterans Affairs and the Department of Defense do not have interoperable electronic health records.
CCCAG: Cloud computing also represents an area of Federal IT that many people believe can help agencies by cutting costs and improving cybersecurity. Why have agencies been so slow to adopt cloud computing if it can save money and improve security?
Lieu: Since I have been in Congress less than a year, I really don’t know why more agencies have not adopted cloud computing solutions. I am happy to work with stakeholders to increase the use of better and more efficient solutions, including cloud computing solutions.
CCCAG: Does Congress need to step in and force agencies to implement cloud solutions?
Lieu: Federal spending on cloud IT tripled from 2013 to 2014 and is growing every year. The Department of Defense has appointed a “Cloud Czar” to identify opportunities and move Defense IT to the cloud where appropriate. As long as Congress remains vigilant, the Federal government should keep moving in the right direction. I am happy to encourage more agencies to implement better, more efficient solutions, including cloud solutions.
CCCAG: You’ve also said the Federal government may need to hire someone with formal authority to oversee IT. Can you discuss that idea in more detail–what would that person’s role be? Is that a Cabinet-level position? How would that differ from the Federal CIO’s role? Doesn’t FITARA give CIOs the authority to make unilateral decisions? Or does FITARA not go far enough in granting CIOs more authority?
Lieu: FITARA has done a good job of reforming the IT project management process and giving authority to CIOs, but our cybersecurity operations are lagging far behind. We need greater accountability for our cybersecurity operations, including the creation of a single position that (1) oversees government cybersecurity operations and response, and (2) has the authority to mandate changes across agencies. I also believe agencies should consider what some companies in the private sector have done: make CIOs report to computer information security officers, rather than the other way around.