Investigation of USDOE CIO Danny Harris: Video and Transcribed Excerpts
Below are excerpts from the February 02, 2016, Congressional Oversight and Reform Committee’s hearing of the allegations of impropriety related to US Department of Education (USDOE) Chief Information Officer (CIO) Danny Harris.
I begin transcribing at minute 3, with Chair Jason Chaffetz’ charge against Harris and the apparent ineptness of the USDOE in handling student information:
There are 139 million Americans that would be affected by a data breach at the Department of, of, uh, Education. We also need to remember the Department of Education also oversees a student loan portfolio of over 1.2 trillion dollars. This puts it on the proportion of Citibank and other major financial institutions. It is critical because taxpayers deserve the best in our chief information officer (CIO), and they’re not getting the best at the Department of Education.
The Inspector General (IG) testified recently the Department continues to be vulnerable to security threats and has repeatedly failed to implement the recommendations and failed to detect friendly hacks into their system. The Department scored a negative– was one of just a handful of agencies– but a negative 14 percent on the Office of Management and Budget’s Cyber Sprint. Cyber Sprint was intended to get–government-wide– get ’em up to speed, more security in place– and yet the Department of, of, Education was one of a handful of agencies that actually scored negative on that. And, they received an F in the FITARA scorecard.
This is a self-reported score, and they scored an F.
Mr. Harris has served as the chief information officer since 2008, and by virtually every metric, he’s failing to adequately secure the Department’s systems. The Committee’s concerns were further amplified after learning Mr. Harris was investigated for possible criminal and administrative misconduct. The IG closed its investigation months ago, finding that the CIO potentially broke 12 federal laws/regulations and/or agency directives. But the Department of Justice refused to prosecute.
That is a mystery to us; we don’t understand why they would not prosecute such wide use and abuse of the system. Mr. Harris was running two side businesses he failed to disclose on federally-required ethics forms– a home theater installation business; a car detailing business– and inappropriately used agency resources and, most likely, agency time.
Mr. Harris also admitted to the Inspector General he did not report the income to the Internal Revenue Service. And most Americans would get in trouble for this type of, of, a, a situation, and not hiding, basically, hiding information from the IRS.
Additionally, the Inspector General raised serious allegations Mr. Harris influenced government contract. As a high-ranking public official, Mr. Harris played a role in awarding and over-signing contracts to a close friend’s company.
Equally disconcerting are the anonymous tips that the Inspector General described Mr. Harris’ leadership as “intimidating.” His investigation started because people within the Department of Education expressed concern as whistle blowers. And the morale in the office of CIO is an all-time low due to a dysfunctional environment that Mr. Harris has cultivated.
Let me put up a, the first, the chart. There we go:
We rely heavily on a disinterested third party to come in and evaluate. These are 14 metrics in the office of the CIO at the Department of Education.
Every single score is going down. Every single one of those is negative. And the …Office of the Chief Information Officer at the Department of Education scored 285 out of 320– near the very bottom of his class. [To technical assistance] You can take that chart down.
Look at the turnover rate at the IT staff within the Department of Education, Fiscal year [2013 ?], it was 5 percent. Turnover rate in fiscal 2014 was 6 percent. Turnover rate in 2015 was 10 percent. It’s a key metric in an understanding that maybe things aren’t very good in that department. Every key metric is down; they’re scoring an F on their scorecard. You’ve got an IG who’s making a recommendation for criminal prosecution [to] the Department of Justice.
And what does the Department of Education do?
They give him bonuses. More than $200,000 in bonuses Mr. Harris got over the last 10 years. And I want to know why. We got good quality people working at the Department of Education, and we’ve got something wrong going on in that department, and we’re bonusing him up? That makes absolutely no sense.
Mr. Harris came and testified to this committee in November. I asked him a basic question about IT: Are you using COBOL? COBOL was instituted in the 1960s. The answer was, “No, we’re not using that.” Ends up they have more than one million lines of code in the central processing system, also in the national student loan database.
So, he’s off with these other businesses, getting subordinates to do the work, taking bonuses, has three other jobs, and we’re giving him bonuses [as] every single metric is going down. Scoring an F on the scorecard. There’s vulnerability, and there’s a 139 million people who are at risk.
We don’t have time to play these kinds of games.
This is exactly what the Oversight and Government Reform Committee is all about.
Mr. Harris has had roles as the adjunct professor at Howard University. Consulting for the Detroit Public Schools. He’s in IT consulting services for the City of Detroit.
Congratulations. You don’t have time to do that stuff.
Simply put, when the CIOs fail to bring high management and ethical standards to their work, institutions suffer; systems are weakened, and the data of millions of Americans are in danger.
For all of the wrongdoing here, I’m telling you, there are a lot of good people. They rely on the Department of Education. They work there. There are people at home in every state and every corner of our country who rely on this. But you know what? There are 10– 10 senior officials …at the Department of Education under investigation right now. Mr. Harris is one of them.
Bob Shireman’s another one. Who are the other ones? Because this is an agency that has to function. If we’re going to put the billions of dollars in it, they’ve got to deal with it ethically.
Well, we’re looking at a situation here that’s not going well. And that’s why we have the hearing here today.
As the hearing progresses, Harris speaks for himself, calling his businesses “hobbies” and stating that he has since filed with the IRS for the formerly undeclared income and has since ceased to entertain his “hobbies.”
USDOE Deputy Sarah Winchell adds that no specific ethical clause was directly violated, and she notes that Harris resolved the issue of his former questionable conduct, and that some conduct (i.e., inquiring about a job to which a relative might apply) was not an ethics breach since Harris did not involve himself in the hiring process. Finally, Winchell noted that Harris’ using departmental email for a hobby (as opposed to a business) was not prohibited. Winchell maintains that since the IG report did not specify the term “business” or “hobby” to describe Harris’ car detailing and home theater installation, then she cannot conclude Harris was involved in two businesses.
She does not address the issue of Harris drawing income from his “hobbies.”
Regarding Harris’ and Winchell’s statements, what is also not addressed is that Harris received a steady stream of bonuses from USDOE despite his documented poor performance as CIO.
Here is what Acting Secretary of Education John King had to add by way of a five-minute statement:
Chairman Chaffetz, Representative Plaskett and members of the Committee, thank you for the opportunity to appear before you today. In January of 2015, I joined the Department as senior advisor relegated the duties of deputy secretary, and I became acting secretary on January 1st of [this] year, when Secretary Arne Duncan stepped down.
I firmly believe that providing our children with a great education is not just about subject matter knowledge, but also about instilling the values that will help them become faithful contributors to our communities and democracy. I expect all department employees to adhere to the highest standards of ethical conduct.
Before I address the actions taken by the Department with respect to the report by the Inspector General on this matter, I’d like to provide you with a brief update of what the Department has achieved to enhance our cyber security since the agency last testified before this committee [in November 2015], as I believe we have made meaningful progress.
Specifically, we have moved from a ranked 11 percent compliance for a two-factor authentication of all privileged users at the conclusion of the cyber security sprint to an overall compliance rate of 95 percent as of January 31st, 2016. We continue to work aggressively with a single external vendor to accelerate implementation of two-factor authentication for the remaining privileged users at that vendor and project to achieve 100 percent compliance during March 2016.
I view cyber security as the responsibility of the entire agency, not just that of any one individual, and although we have made and are continuing to make progress, I am not satisfied with where we are as an agency. I have notified my team that we must do better, and I have directed my team that we must undertake additional actions to strengthen our cyber security. These steps include using a focused and disciplined approach to systematically resolving and addressing the root causes behind any cyber-security-related findings from both our 2015 FISMA audit and the 2015 financial statement audit.
I have also directed the team to take additional steps to increase end-user cyber security awareness; to strengthen our incident response capabilities, and to continue to build the capacity of our internal team through the hiring of additional professionals with expertise on these issues who can assist us in implementing best practices and improving the Department’s cyber security program.
Returning to the IG’s investigation and report issued to me in March 2015: I considered very seriously the, the allegations. Ultimately, my response to those allegations closed a several-years-long investigation and confirmed and supplemented the work of two prior deputy secretaries at the Department, there in my staff, and the Office of the General Counsel.
I considered this matter in the overall context of Dr. Harris’ more than 30-year career with the Department. Dr. Harris has been steadily promoted under the administrations of both parties to roles of increasing responsibility. He was promoted to the Senior Executive Service in 1998 and was appointed to his current role as CIO during the prior administration under Secretary Spellings in 2008. He has been widely recognized for his work in the CIO role. Given that history of service and my commitment to ethics, I was therefore troubled to learn of the IG’s investigation. However, I was also informed that Dr. Harris had been counseled by former Deputy Secretary Tony Miller on this matter as well as my immediate predecessor, former Deputy Secretary Jim Shelton, and the agency’s lead career ethics attorney, Susan Winchell.
Upon receiving the IG’s addendum in 2015, I again consulted with the general counsel’s office. The synopsis of the addendum stated that the US Attorney’s office and the District of Columbia had declined prosecution.
After reviewing the addendum the Office of Counsel and Ms. Winchell advised, included information served to confirm the conclusions reached by the Office of General Counsel and two prior deputy secretaries following receipt of the initial report; namely, that the OIG investigator materials did not include information that could support a finding that Dr. Harris had violated any law, rule, or regulation. I considered all of these factors, along with the fact that the actions in question had occurred several years earlier, had since ceased, and that Dr. Harris had taken responsibility for his actions, and, where appropriate, included the relevant income on his financial disclosure forms and took other corrective actions.
Based on these facts, I determined the appropriate course of action was to supplement the actions already taken with counseling of my own with Dr. Harris on these serious matters. I also asked Ms. Winchell to confirm her prior oral counseling to Dr. Harris in writing.
As I stated at the outset, ensuring that the public’s business and our work of expanding educational opportunity for all students are carried out according to the highest standards and ethical conduct is vitally and personally important to me. I believe the Department took appropriate actions to address the issues raised by the investigation and ensure that they are not repeated as we continue to work to rapidly strengthen our cyber security posture, an area of critical need, and a top management priority for me over the coming year.
Thank you for the opportunity to testify, and I look forward to answering any questions you may have.
The hearing continues for another two and a half hours. At this point, I am left wondering why in the world a man in a critical leadership position should retain that position given that he should require any sort of “counseling” related to the issues raised above.
A CIO who must be counseled about properly disclosing at least $10,000 of additional annual income should not be CIO.
King’s “team” speech was nothing more than an effort to shield not just any “team” member, but the leader continuously receiving bonuses despite poor cyber security compliance.
If indeed USDOE’s CIO had been competently doing his job, then there would have been no need for King’s “we’re doing better in 2016” speech regarding USDOE’s poor performance related to cyber security.
At minute 37, Rep. Mica starts in on what he calls “hair splitting” about Harris’ “hobbies” and questions the discrepancy between USDOE’s inept cyber security and Harris’ continued bonuses. At minute 40:50, Mica remarks,
There’s no reason, Mr. King, why Harris shouldn’t be fired. He’s a senior executive service officer. He’s failed continuously since he took the position. I don’t think you can find more ineptness or, misconduct, with any senior employee that’s come before us, and then rewarded for it. It’s so offensive.
And Ms. Winchell says, “Well, maybe we should discuss moving him to another position.” Well, that’s what’s wrong with this whole system– is he can fail every time– getting huge salaries…. All the ethical questions that have been raised, and you leave him in that position.
Mica repeatedly asks King, “Who approved the bonuses?” and adds, “Even while he’s under investigation, there should be at least a suspension [of bonuses].”
As King tries to defend Harris, Mica ends with, “But he failed every single time. Every single time since 2008. The only time we’ve had any success reported is what you reported from January, and that’s only because the chairman (Chaffetz) conducted a hearing and we hammered you last year.”
There’s lots more to this hearing: