Unlike Clinger and Cohen, Connolly says he's here to stay

Rep. Gerry Connolly, the Virginia Democrat who helped pass the Federal IT Acquisition Reform Act, has tied the law’s long-term success to him staying in Congress to oversee it. Casting himself as here to stay, unlike the authors of the last big federal IT reform law, Connolly told a crowd of federal officials and contractors: “I assure you, we’re going to continue to watch over” FITARA’s implementation.

The Republican authors of the 1996 Clinger-Cohen Act (former Sen. William Cohen of Maine and former Rep. William Clinger of Pennsylvania) left Congress shortly after the law was enacted. For Connolly, that meant “there weren’t great stakeholders watching over” the law’s implementation. This time is different, he said.

At a June 30 event dedicated to FITARA implementation, Connolly praised the Office of Management and Budget’s implementation guidance for the law. OMB understands “that the purpose of this bill is not a whole bunch of new regulations or codifications to abide by,” but rather a framework for agencies to reap the benefits of IT, he said.

Connolly noted that FITARA vested more responsibility, and therefore accountability, in agency CIOs, but he argued – contrary to some -- that the IT struggles at the Office of Personnel Management exposed by recent breaches at the agency were the result of not spending enough money, and not necessarily poor management. “We can blame somebody, we can declare ‘off with her head,’ but it begs the underlying question of … have we made the recent investments, have we provided the resources to modernize and update OPM,” Connolly said, alluding to bipartisan calls for President Barack Obama to sack OPM Director Katherine Archuleta and CIO Donna Seymour. Archuleta has said she plans to submit a request to lawmakers for more funding for IT security by the end of the week.

Federal CIO Tony Scott, who spoke later at the conference hosted by the Association for Enterprise Information in Arlington, Va., issued a similar plea for clemency. “Part of this digitization and part of this reform that we’re going through … is cleaning up decades of neglect, omission, not seeing the issues, not funding things that need to be repaired,” Scott said, comparing layering security onto legacy IT systems to adding airbags to a 1965 Mustang.

Both Connolly and Scott sounded optimistic notes that FITARA could help improve the baseline level of federal civilian cybersecurity in the wake of the OPM hacks. The OMB guidance requires relevant agencies to have a baseline set of management roles for their IT officials in place by the end of the year.

While administration officials have yet to publicly accuse Chinese actors of the hack of the OPM personnel database, which exposed the personal information of 4.2 million current and former federal workers, Connolly minced no words. “This breach into the OPM database is part of a systematic, organized effort by the Chinese government, funded by the People’s Liberation Army with a special unit trained and equipped to in fact hack into Western assets, especially our government,” he said.

Asked by FCW after the event if the intruders who breached the OPM database had been evicted, Scott said there is no evidence to suggest they were still on the network, echoing similar assurances made by OPM that there was "no evidence" that security clearance background information had been exposed. But Scott was quick to add what he said was a principle of cybersecurity: Never assume an incident is over.