Little more than two months ago, VanRoekel, who also serves as OMB acting deputy director for management, reported that agencies had already closed 484 out of 3,133 federal data centers and were on track to close a total of 855 by Sept. 30, the end of the government's fiscal year. The closures are part of the OMB's three-year old Federal Data Center Consolidation Initiative, aimed at reducing the number of duplicative and underutilized data centers by 40% by the end of 2015.
VanRoekel found himself in the hot seat at a hearing before the House Oversight and Government Reform Subcommittee on Government Operations Thursday, after OMB began acknowledging, but not formally announcing, that a change in definition had resulted in agencies reporting that the number of qualifying facilities was actually more than twice what had been originally reported.
[ The number of data centers don't matter, says this government exec. Read Federal Data Center Closures No Panacea: Navy CIO. ]
According to page 19 of a Government Accountability Office (GAO) report, as of July 2013, 22 of the 24 FDCCI agencies collectively reported now having 6,836 data centers in their inventories. OMB officials have since acknowledged that given the ambiguity of Defense Department reports, the number likely exceeds 7,000.
An incredulous panel of lawmakers, including Representatives John Mica (R-Fla.), Mark Meadows (R-NC ) and Gerry Connolly (D-Va.), pressed VanRoekel on how the administration managed to so seriously underestimate the number federal data centers. They also questioned whether expectations of as much as $2.5 billion in related anticipated savings over the next three years was even credible anymore.
"I expanded the definition," VanRoekel said in response to the question of what caused the sudden change. The original estimate of 3,133 data centers was based on a definition of facilities that generally measured 500 square feet or more.
OMB realized, based on information provided through April 30, 2013, that more than 70% of agency data center assets are less than 500 square feet, and in many cases, smaller than 100 square feet, according to a statement from Dave McClure, associate administrator for the General Services Administration, who also testified at the hearing. GSA's Office of Citizen Services and Innovative Technologies, which McClure heads, administers much of the work behind the data center consolidation initiative on behalf of OMB.
VanRoekel went on to explain that under the prevailing definition, agencies had wiggle room to break data centers into smaller spaces to avoid being counted, or to combine adjacent, dedicated data centers into one. That would allow agencies to meet the administration's goals, but not actually improve use significantly, which was the intent of the FDDCI, he said.
"I wanted to be sure" agencies weren't left in a position of reporting some assets and not others because of how OMB had defined what a data center is, he said. The underlying goal is "to drive optimization," he said.
That, among other feedback, led OMB in March to re-categorize data centers into two groups: core data centers, that are deemed fundamental to agency operations and which must meet defined performance criteria, and non-core data centers, 40% of which are now the target of the government's closure goal.
The subcommittee members, however, questioned why it has taken so long to see real progress in both in the number of data center closures and the savings associated with them.
That assessment was generally supported by David Powner, GAO's director for information technology management issues. Powner, in testimony before the subcommittee, agreed that OMB "did the right thing" to change its definition but that overall, OMB and agencies needed to take more effective steps to implement plans already laid out to achieve promised IT savings.
VanRoekel and McClure noted that it was not until last year that a total cost of ownership model was completed that agencies could use and agree upon to assess their data center operations and their needs and make planning decisions.
Lawmakers subsequently hammered McClure on GSA's own record for closing data centers. To date, GSA has closed only one of its non-core data centers and only recently announced it plans to close 38 data centers by the end of this fiscal year and 37 more by the end of fiscal 2014.
"I'm at a loss at how we got only one closure in the last three years, and why are we suddenly ramping up now and how is that going to happen," said Congressman Meadows.
McClure deferred the answer to GSA's own CIO, Casey Coleman, but noted that GSA's experience is symptomatic of most federal agencies, where "CIOs don't have complete control over all data centers," he said.
"(Defense Department CIO) Teri Taki has very little authority to do more than report what's being reported to her," said VanRoekel, reinforcing McClure's point.
What changed at GSA, said McClure, was the decision by GSA Administrator Dan Tangherlini in May to grant Coleman with agency-wide IT authority. That proved to be a perfect set-up for Rep. Connolly to seek further support for the Federal IT Acquisition Reform Act, sponsored by Darrell Issa (R-Ca.), chairman of the House Oversight and Government Reform Committee and Connolly.
The legislation, which was adopted June 14 in the House would, among other measures, elevate and empower agency CIOs with authority and accountability for managing the IT portfolios of their agencies. Rep. Meadows pressed on, wanting to know from VanRoekel -- assuming that fewer data centers meant a smaller footprint for security threats -- what was the appropriate number of data centers that government should be shooting for.
VanRoekel declined to provide even a ballpark number, saying "yes, fewer data centers would improve security," but that building "cyber capabilities was grounded in following the Federal Information Security Management Act" and monitoring traffic going through the government's trusted Internet connections.
"Fewer is better and optimized is better. It depends on size and need of the agency," he said. But he pointed to the Department of Homeland Security, which has three core data centers, as one model to consider.