Congress

Education CIO in the hot seat on Capitol Hill

Wikimedia image: Department of Education.

Education Department CIO Danny Harris testified before the House Oversight and Government Reform Committee on Feb. 2. (Photo: Zach Noble, FCW)

Rep. Jason Chaffetz (R-Utah), the chairman of the House Oversight and Government Reform Committee, is concerned that the Department of Education could be ripe for the kind of data breach that hit the Office of Personnel Management.  And his concerns are exacerbated by the history of investigations into the personal conduct of longtime agency CIO Danny Harris.

At a Feb. 2 committee hearing, the Education Department largely closed ranks around Harris, as lawmakers called for him to be punished or even fired.  The members of Congress also questioned whether flagging morale and low cybersecurity marks at the agency could be related to Harris' behavior over the past decade.

"Mr. Harris has been the CIO [at Education] since 2008," Chaffetz said. "By virtually every metric, he is failing to adequately secure the department's systems."

That behavior includes operating home businesses (home theater equipment installation and car detailing) without reporting income to the IRS, helping a relative obtain a low-grade job at the agency, maintaining a close personal relationship with an agency contractor, and loaning money to agency employees.

"I believe there were significant lapses of judgment," testified Acting Secretary of Education John King. But ultimately, King testified that he had "confidence in his leadership."

All of the conduct concerns addressed in the hearing had been previously investigated and closed by the Education Department inspector general and Harris' superiors. Harris was not disciplined, but was put through four counseling sessions.

Still, lawmakers wondered why the consequences weren't more dire.

Rep. Ted Lieu (D-Calif.) said he was disappointed that Education officials chose not to punish Harris, and that King sheltered behind a wall of lawyer-approved statements instead of offering candid remarks.

Beside detailing and installation work, which Harris testified were more in the nature of hobbies than businesses, the CIO has also consulted for the city of Detroit and taught at Howard University at various points in his tenure.

"I can understand why there are problems at the Education Department [in cybersecurity] when you have so many outside jobs," said Rep. Carolyn Maloney (D-N.Y.).

Chaffetz pointed to the dismal employee feedback from within Education's office of the CIO as evidence of Harris' management shortcomings, saying, "There's a reason why you're scoring at the bottom of the heap."

Education also scored near the bottom of the heap on the November 2015 Federal IT Acquisition Reform Act  scorecard; it was one of three agencies to earn an ‘F.'

In the Feb. 2 hearing, Harris pledged security improvements.

He said Education should have 100 percent of its privileged users on two-factor authentication by March, once a vendor finishes re-architecting its data center, and non-privileged users should hit 100 percent for two-factor authentication by the summer.

Harris also said he plans to upgrade or retire 90 percent of the 54 software programs the agency is currently using that are no longer supported by their vendors.

Chaffetz, for his part, pledged to continue investigating Harris and Education, stressing that the agency houses sensitive personal information on half of the U.S. population.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected