Introduction

Chairman Hurd, Chairman Meadows, Ranking Member Kelly, Ranking Member Connolly, members of both the Subcommittees on Information Technology and Government Operations, thank you for inviting me to testify today. I am grateful for the Committee’s support for the work of the United States Agency for International Development (USAID) in information technology reform, and I am pleased to have this opportunity to discuss our progress in complying with the standards set out in the Federal Information Technology Acquisition Reform Act (FITARA). I have brought with me today Reggie Mitchell, USAID’s Chief Financial Officer, and Jay Mahanand, USAID’s Chief Information Officer, who have been instrumental in our technology reform efforts to help answer questions.

USAID is a global agency, charged with ending extreme poverty, and promoting resilient democratic societies while advancing U.S. security and prosperity. We employ more than 12,000 people and work in more than 100 countries. Our work is often done under the most difficult circumstances -- from a tent in Mexico City following the recent earthquake, to a small Mission in East Timor with a less-than-reliable internet connection, to a refugee camp in Jordan. We are an organization that depends on agile and mobile information technology.

We are also extremely data driven. For example, our Chief Geographer and GeoCenter use satellite data, demographic information, geo-statistics, and digital mapping to inform our decisions about where to target resources to maximize our development impact. Our Economic Analysis and Data Service provides a central source for all federally funded foreign assistance and international socioeconomic data.

Strong and effective information technology systems are essential to USAID achieving its mission in a modern world. As a relatively small agency with a relatively small IT budget managing a worldwide network, USAID has no choice but to embrace efficient IT. USAID is proud to have received the first A rating ever given under the FITARA Scorecard; our score reflects years of hard work to put in place key reforms to address the deficiencies of prior years.

Modernizing Our IT Systems

Eight years ago, USAID’s IT was in disarray. We operated our own data center in the basement of the Ronald Reagan Building, and each Mission overseas maintained its own servers. In Washington, we spent hundreds of thousands of dollars every year acquiring new equipment, powering, and cooling our data center -- what we got was regular outages and a system that left employees tethered to their desks. We lacked WiFi, laptops, and efficient remote access to email, and we collaborated by emailing documents from person to person.

In the field, the situation was even worse. USAID often operates in countries with low bandwidth. Our old email system did not function well in this environment, leaving many overseas staff waiting for long periods of time for email messages to load, if they were able to use their email at all. These operating constraints caused us to reconsider what we needed from an IT system. Not surprisingly, access to email for staff positioned in high-priority critical areas topped the list.

In February 2010, we realized that the status quo was not sustainable. Our need for greater email reliability abroad, for increased data storage, and for greater mobility, compelled us to look for a new, modern email system. Spurred by calls from the Office of Management and Budget and the White House to modernize our technology and move to a cloud-based platform, we began taking steps that ultimately gave USAID a cloud-based email system by 2012.

Over the last few years, the Agency has developed into the leading federal agency for cloud computing investments with at least 20 percent of its operational IT spending dedicated to cloud solutions.

Keys to Success

These investments in technology modernization have made us one of the most technologically efficient and effective agencies in the Federal Government. So today, I would like to share what we view as the keys to our success.

First, we accepted that updating our IT would be risky, that we would run into problems, and that we would not get everything right the first time. We knew that we needed to improve, and we were willing to take those risks. We embraced change. We brought people along and encouraged them to try new things, like the cloud. By being open about the changes underway, we smoothed the way for adoption. We strived for constant and clear communication about what was happening and why it was happening. And we were there to answer questions as they came in.

I was hesitant when we first moved to the cloud. I led USAID’s planning ahead of the transition, and my staff suggested we use a cloud-based word processor. At first I was resistant, but I was brought along and soon saw the value of editing quick-turnaround documents in real time -- from the office or from home, during regular work hours or late into the evening, as the situation dictated.

Following the transition, we were able to push out the entire library of transition documents to the whole Agency in one afternoon -- something we could never have done through email. And today those documents remain online for reference by anyone at USAID.

A second key to success, and related to the first point, we had real buy-in from the Agency leadership. We supported and funded modernization efforts, recognizing that in order for USAID to achieve its mission we needed to provide world-class technical support to employees. We realized that for USAID to remain the world’s premier international development agency, modernizing our technology had to be a top priority. We committed significant financial and human resources to this effort and championed it from the top, with leadership committing to being among the first adopters.

Third, we continue to improve, plan for what we know will come, and deliver results. Today, rather than holding off on technology adoption until we need to make a significant leap forward, we have embraced a culture of incremental progress. We constantly phase in new technology and make small updates to our platforms. We regularly make small investments in our information systems that keep them from going out of date or losing interoperability. I am proud to say that because of these investments, today, USAID is not operating a single legacy system.

Fourth, we committed to hiring experts at a senior level who have the technical know-how to implement these changes and keep us ahead of the curve. We worked hard to recruit knowledgeable, experienced staff and provide training and support for the staff we have. The skills and abilities of our IT workforce remain one of the key determining factors of whether we are successful in providing the information services we need as an organization.

Looking Ahead

All of this hard work has led to important increases in efficiency for our workforce and significant cost savings that today we are using to reinvest into our platforms. Moving forward, we will ensure that we continue to remain ahead of the curve and lead the U.S. Government in our embrace and effective use of modern information technology.

To further optimize data center operations, the Agency is in the process of migrating our already outsourced data center to a cloud environment, which will provide a much more dynamic and flexible model for infrastructure procurement and management. This new arrangement will allow us to acquire and pay for only those services that are required, giving us the ability to easily and quickly scale up or down as needed.

USAID is working to develop a comprehensive Agency-wide software license inventory to ensure the best use of the Agency budget. This helps ensure that USAID is tracking spending and enterprise licenses to help maintain the appropriate number of licences for our Agency. We have also used this inventory to respond to the reporting requirements contained in the Making Electronic Government Accountable By Yielding Tangible Efficiencies (MEGABYTE) Act of 2016.

Finally, USAID is taking steps to actively manage the cybersecurity risk that we are all aware exists today. USAID’s Office of the Chief Information Officer detects and mitigates more than 200,000 malware and intrusion events per month. We have made cybersecurity a critical priority and have worked closely with the Office of Management and Budget, the Department of Homeland Security, the Federal Chief Information Officers Council, and other federal organizations to protect our networks, systems, and information from unauthorized access or disruption while continually providing essential services and protecting privacy. In response to the May 2017 Cybersecurity Executive Order, USAID was ranked by the Department of Homeland Security and Office of Management and Budget, as “Managing Risk,” meaning the Agency is able to actively manage the cybersecurity risk to the enterprise, making us one of the few federal agencies to receive this rating.

Conclusion

USAID is committed to maintaining our status as a federal leader in the IT space. I would like to thank Members of Congress, and members of these Subcommittees in particular, for your continued leadership, interest in, and support for our work. We look forward to collaborating with you to address future challenges and new opportunities for reform. Thank you for your time; we welcome your questions