Members of the House Committee on Oversight and Government Reform intensely questioned Danny Harris, the chief information officer of the Department of Education (ED), during a tense three-hour hearing on Tuesday.
The committee convened the hearing to review Harris’ conduct following an investigation by the Inspector General (IG), and to review the security of ED’s information services. Harris previously came under fire and found himself under investigation by the IG for allegations about engaging in a side business – which he testified was a hobby – with subordinate employees in the department, failing to report profits from the business on his income tax returns, and having a hand in influencing the awarding of a government contracting job to a personal friend. Since then, and based on ethics counseling by Department officials, Harris has taken action to correct the issues the IG reported.
“I think Congress and the American people have to think that ‘CIO’ … stands for ‘chaos, ineptness, and outrage,’ after what we’ve learned this morning,” said Rep. John Mica (R-FL). “There is no reason … why Mr. Harris should not be fired.”
“I don’t think you could find more ineptness or misconduct with any senior employee that’s come before us, and then rewarded for it,” Mica added. “It’s so offensive.”
John King, acting secretary of education; Sandra Bruce, deputy inspector general at ED; and Susan Winchell, ED’s assistant general counsel for ethics, also testified at the hearing. King and Winchell insisted that, while Harris displayed bad judgment in the matters cited by the IG, there was no violation of any law, regulation, department policy, or standard of ethical conduct. A number of committee members challenged that conclusion, however.
With regard to cybersecurity, ED holds records of 139 million Social Security numbers, but continues to be vulnerable to security threats, the committee reported before the hearing. Although it noted that no security breach has occurred to date, a “friendly” incursion by the Inspector General went undetected.
“In the IT sector, it is absolutely critical that we secure our data,” said Rep. Jason Chaffetz (R-UT), the committee chairman. “It is critical because taxpayers deserve the best in our chief information officer, and they’re not getting the best at the Department of Education.”
Committee members took issue with the fact that despite the IG investigation – which ultimately concluded that Harris’s home theater installation and car detailing activities qualified as businesses – the senior official continued to receive favorable performance reviews, and tens of thousands of dollars in annual bonuses. Meanwhile, Chaffetz pointed out, ED has received poor marks on both the committee’s Federal Information Technology Reform Act (FITARA) scorecard and the Office of Management and Budget’s Cybersecurity Sprint. Last November, the FITARA scorecard gave the Department of Education a failing grade based on four key areas:
According to the Congressional Research Service (CRS), FITARA “requires specified federal agencies to ensure that the Chief Information Officer (CIO) of the agencies has specified authorities and responsibilities in planning, programming, budgeting, and executing processes related to information technology.” Of 24 federal agencies that were graded using the FITARA scorecard, only three received an “F.”
“Mr. Harris has served as the chief information officer since 2008, and by virtually every metric, he’s failing to adequately secure the department’s systems,” Chaffetz said.
The majority of the questions during the hearing focused on Harris’s conduct, rather than the security of ED’s information services, but several members insinuated that Harris might not have been fulfilling his duties if he had been engaging in several other outside business ventures.
“He’s off with these other businesses, getting subordinates to do the work, taking bonuses, has three other jobs … and every single metric is going down,” Chaffetz said, referring to a workplace satisfaction evaluation conducted by the Partnership for Public Services, a third-party organization.
After OIG concluded its investigation, the Department of Justice decided not to prosecute Harris, and ED took administrative action in the form of verbal counseling and ethics guidance letters.
This hearing followed up on an earlier hearing held on November 17, 2015. At that time, ED had scored negative 14 percent on the Office of Management and Budget (OMB) Cybersecurity Sprint – meant to address critical vulnerabilities – for “total users using strong authentication.” During today’s hearing, ED cited significant improvement in achieving near-total 2-factor authentication among its contractors.
Moving forward, Chaffetz said the committee will continue to look into issues surrounding both Harris’s conduct and cybersecurity within ED.
Following the hearing, according to The Associated Press, Harris collapsed outside the Rayburn House Office Building on Capitol Hill, but is reportedly in stable condition.
Publication Date: 2/3/2016