US Education CIO Admits To 'Unacceptable' Behavior - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


US Education CIO Admits To 'Unacceptable' Behavior

US Department of Education CIO Danny Harris was grilled by lawmakers about possible ethics violations. Meanwhile the department, which has a lending budget the size of Citibank, was still said to be vulnerable to security threats.

Top Priorities For State CIOs: 2016
Top Priorities For State CIOs: 2016
(Click image for larger view and slideshow.)

Danny Harris, CIO of the US Department of Education, was again before the House Oversight and Government Reform Committee last week, testifying about allegations that he had created side businesses, failed to pay taxes on the income they created, used employees to help support the businesses, and had improperly awarded contracts to a business owned by a friend.

"I fully understand and take responsibility for how some of my actions allowed questions to arise," Harris said in a testimony presented before the House Oversight and Government Reform Committee on Feb. 2. "The actions I took showed that I used poor judgment and I deeply regret those actions."

Harris went on to defend his performance, however, as the DOE's top tech official, and to describe progress that has been made to improve the department's cyber-security position.

In Nov. 2015, Harris testified before the same Committee, under allegations that shoddy leadership had led to vulnerabilities in systems responsible for the personal information, including Social Security numbers, of 139 million Americans.

The department additionally has a student loan budget of $1.2 trillion, which invites comparisons to the fiscal might of Citibank.

"As I stated during my testimony last fall, I am committed to ensuring that the department reaches our goals to continually improve our cyber-security and we continue to make progress on those plans," Harris said Tuesday.

(Image: jensjunge via Pixabay)

(Image: jensjunge via Pixabay)

On Nov. 4, 2015, the committee released a scorecard assigning letter grades to each federal agency, based on its implementation of the Federal Information Technology Acquisition Reform Act (FITARA). Enacted in Dec. 2014, FITARA, in the words of the committee, "provides a set of tools and guidelines that ... allow agencies to better manage IT systems and acquisitions."

The DOE received an "F."

DOE Acting Secretary John King, Jr., who "counseled" Harris and met with him monthly throughout 2015 to help manage his progress, testified alongside Harris. According to King, the department has made "significant progress" in implementing two-factor authentication for privileged users, which he called, "one of the most important steps we can take to strengthen our cyber-security."

In that regard, the department's compliance had moved, King testified, from 11% to 95% as of Jan. 31. For privileged users of the department's EDUCATE and VDC environments, compliance is now 100%.

"I have directed the team to undertake a focused and disciplined approach to systemically resolving -- and addressing the root causes behind -- any cyber-security-related findings from both our 2015 FISMA Audit and the 2015 Financial Statement Audit," King testified.

Still, more progress is required. Committee member Will Hurd (R-TX) noted that 54 software programs the department currently uses are no longer supported by the vendor, and asked, "Why is that?"

Harris replied that the department is working to upgrade or retire 90% of the programs by June, and will take responsibility for the remaining programs.

While the two-factor authentication efforts were acknowledged as progress, the committee said it expects to see far more -- and expressed varying degrees of frustration with the situation.

"We should not be saying that implementing one part of a larger strategy is good enough," said Hurd. "I think we should be talking about, when 95% of the recommendations by the [Inspector General] are approved, that's going to be great work. When there are not repeat findings ... that will be good work."

[Read Government IT: Hot Tech Trends in 2016.]

Committee member John Mica (R-FL) added, "I think Congress and the American people have to think that the CIO position stands for chaos, ineptness, and outrage, after what we've learned this morning."

Harris was investigated by the DOE's Office of General Counsel, but not prosecuted. While Harris "displayed certain lapses in judgement," Sandra Bruce, Deputy Inspector General, said in her written testimony, her office "found no violation of law or regulation."

During the committee meeting, Bruce added that, while creating the businesses and not reporting income are violations, they were "not done knowingly and willfully."

"There's no reason why Mr. Harris shouldn't be fired," said Mica. "He's a senior executive service officer, he's failed continually since he took the position. I don't think you could find more ineptness or misconduct with any senior employee that's come before us. ... It's so offensive."

Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for InformationWeek's Pearl Award. Full details and a submission form can be found here.

Michelle Maisto is a writer, a reader, a plotter, a cook, and a thinker whose career has revolved around food and technology. She has been, among other things, the editor-in-chief of Mobile Enterprise Magazine, a reporter on consumer mobile products and wireless networks for ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
2/18/2016 | 5:33:01 PM
not good enough
It's actually quite hard to fire people from government service, though I would hope as an appointed position it would be different.

It's this that really bugs me: "I fully understand and take responsibility for how some of my actions allowed questions to arise," I detest apologies that somehow come out as not an apology for wrongdoing but for how we felt about their wrongdoing. Apologies like that just aren't good enough. This guy should be fired. Then the student loan debaucle needs to be addressed, but that's a whole other issue.

User Rank: Ninja
2/9/2016 | 10:15:15 AM
Lack of accountability in the public sector
Whatever happened to public trust in government? If this happened at a private business, that man would have lost his job. Yet, because he works for the US Govt, he gets a slap on the wrist, a little bit of counselling and gets to reap all this money?! No wonder people don't trust our leaders anymore.
Get Your Enterprise Ready for 5G
Mary E. Shacklett, Mary E. Shacklett,  1/14/2020
Modern App Dev: An Enterprise Guide
Cathleen Gagne, Managing Editor, InformationWeek,  1/5/2020
9 Ways to Improve IT and Operational Efficiencies in 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/2/2020
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Flash Poll