10:06 AM

US Education CIO Admits To 'Unacceptable' Behavior

US Department of Education CIO Danny Harris was grilled by lawmakers about possible ethics violations. Meanwhile the department, which has a lending budget the size of Citibank, was still said to be vulnerable to security threats.

Top Priorities For State CIOs: 2016
Top Priorities For State CIOs: 2016
(Click image for larger view and slideshow.)

Danny Harris, CIO of the US Department of Education, was again before the House Oversight and Government Reform Committee last week, testifying about allegations that he had created side businesses, failed to pay taxes on the income they created, used employees to help support the businesses, and had improperly awarded contracts to a business owned by a friend.

"I fully understand and take responsibility for how some of my actions allowed questions to arise," Harris said in a testimony presented before the House Oversight and Government Reform Committee on Feb. 2. "The actions I took showed that I used poor judgment and I deeply regret those actions."

Harris went on to defend his performance, however, as the DOE's top tech official, and to describe progress that has been made to improve the department's cyber-security position.

In Nov. 2015, Harris testified before the same Committee, under allegations that shoddy leadership had led to vulnerabilities in systems responsible for the personal information, including Social Security numbers, of 139 million Americans.

The department additionally has a student loan budget of $1.2 trillion, which invites comparisons to the fiscal might of Citibank.

"As I stated during my testimony last fall, I am committed to ensuring that the department reaches our goals to continually improve our cyber-security and we continue to make progress on those plans," Harris said Tuesday.

(Image: jensjunge via Pixabay)

(Image: jensjunge via Pixabay)

On Nov. 4, 2015, the committee released a scorecard assigning letter grades to each federal agency, based on its implementation of the Federal Information Technology Acquisition Reform Act (FITARA). Enacted in Dec. 2014, FITARA, in the words of the committee, "provides a set of tools and guidelines that ... allow agencies to better manage IT systems and acquisitions."

The DOE received an "F."

DOE Acting Secretary John King, Jr., who "counseled" Harris and met with him monthly throughout 2015 to help manage his progress, testified alongside Harris. According to King, the department has made "significant progress" in implementing two-factor authentication for privileged users, which he called, "one of the most important steps we can take to strengthen our cyber-security."

In that regard, the department's compliance had moved, King testified, from 11% to 95% as of Jan. 31. For privileged users of the department's EDUCATE and VDC environments, compliance is now 100%.

"I have directed the team to undertake a focused and disciplined approach to systemically resolving -- and addressing the root causes behind -- any cyber-security-related findings from both our 2015 FISMA Audit and the 2015 Financial Statement Audit," King testified.

Still, more progress is required. Committee member Will Hurd (R-TX) noted that 54 software programs the department currently uses are no longer supported by the vendor, and asked, "Why is that?"

Harris replied that the department is working to upgrade or retire 90% of the programs by June, and will take responsibility for the remaining programs.

While the two-factor authentication efforts were acknowledged as progress, the committee said it expects to see far more -- and expressed varying degrees of frustration with the situation.

"We should not be saying that implementing one part of a larger strategy is good enough," said Hurd. "I think we should be talking about, when 95% of the recommendations by the [Inspector General] are approved, that's going to be great work. When there are not repeat findings ... that will be good work."

[Read Government IT: Hot Tech Trends in 2016.]

Committee member John Mica (R-FL) added, "I think Congress and the American people have to think that the CIO position stands for chaos, ineptness, and outrage, after what we've learned this morning."

Harris was investigated by the DOE's Office of General Counsel, but not prosecuted. While Harris "displayed certain lapses in judgement," Sandra Bruce, Deputy Inspector General, said in her written testimony, her office "found no violation of law or regulation."

During the committee meeting, Bruce added that, while creating the businesses and not reporting income are violations, they were "not done knowingly and willfully."

"There's no reason why Mr. Harris shouldn't be fired," said Mica. "He's a senior executive service officer, he's failed continually since he took the position. I don't think you could find more ineptness or misconduct with any senior employee that's come before us. ... It's so offensive."

Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for InformationWeek's Pearl Award. Full details and a submission form can be found here.

Michelle Maisto is a writer, a reader, a plotter, a cook, and a thinker whose career has revolved around food and technology. She has been, among other things, the editor-in-chief of Mobile Enterprise Magazine, a reporter on consumer mobile products and wireless networks for ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
2/18/2016 | 5:33:01 PM
not good enough
It's actually quite hard to fire people from government service, though I would hope as an appointed position it would be different.

It's this that really bugs me: "I fully understand and take responsibility for how some of my actions allowed questions to arise," I detest apologies that somehow come out as not an apology for wrongdoing but for how we felt about their wrongdoing. Apologies like that just aren't good enough. This guy should be fired. Then the student loan debaucle needs to be addressed, but that's a whole other issue.

User Rank: Ninja
2/9/2016 | 10:15:15 AM
Lack of accountability in the public sector
Whatever happened to public trust in government? If this happened at a private business, that man would have lost his job. Yet, because he works for the US Govt, he gets a slap on the wrist, a little bit of counselling and gets to reap all this money?! No wonder people don't trust our leaders anymore.
Time to Reconsider Enterprise Email Strategy
Time to Reconsider Enterprise Email Strategy
Cost, time, and risk. It's the demand trifecta vying for the attention of both technology professionals and attorneys charged with balancing the expectations of their clients and business units with the hard reality of the current financial and regulatory climate. Sometimes, organizations assume high levels of risk as a result of their inability to meet the costs involved in data protection. In other instances, it's time that's of the essence, as with a data breach.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll