can go. >> we are going to leave this here for live coverage of the house hearing on president

biden's request for the 2025 budget. officials are testifying. live coverage on c-span for you. >> as mentioned in this hearing before, i am starting to feel like i have walked into a brick wall. congress always elicits testimony from the executive branch agencies and gives it great respect, even when we fiercely disagree. this exchange of views between the legislative branch and the executive branch is fundamental under the constitution. when the va's testimony is so late that we may not be able to read it in advance, that is disrespectful and it undermines this process. i urge witnesses with all the people in all the layers of the va and the white house bureaucracy who wrote the testimony to do better, not just for this committee's sake but for the benefit of all the veterans who ultimately will be

impacted by this. >> good afternoon. today we will examine the biden administration's budget requests for the da information and technology. i want to thank our witnesses from oit for joining us to help understand this request. it is by far the most unusual va information technology budget that we have seen since the subcommittee was created. factoring in all the funding sources, including the toxic exposure fund, one-time dollars, transfers, reimbursement and carryover, it constitutes a 3.3% cut to $7.9 billion. i have no doubt there is waste in the va budget and there is at least 3% of unproductive bureaucracy and padded contracts that should be cut. if our administration seems to be proposing the cut, then incredibly lopsided damaging way. development would take a 99% cut

. i am all for reducing spending but even i don't make recommendation without a 99% cut, especially in development. i.t. modernization which is one of the top priorities of the federal chief information officer would take an 81% cut. the infrastructure readiness program, which we have heard is vital on many occasions is being proposed a 66% cut. technology for the veterans benefits administration, which has had serious problems as of last year, would get a 41% cut. meanwhile, staffing and administrative expenses would increase by 5% and operations and maintenance takes about a 100 million or a 2% cut in the base budget request but then gets boosted i more than $1.3 billion from the toxic exposure

fund. it is hard to make sense of what would increase and what would actually be cut. we may hear that the fiscal responsibility act, which was a top line budget agreement between the president and the former speaker, forced these cuts. that explanation does not stand scrutiny. that budget agreement and the current budget agreement specifically exempted veterans healthcare, which is about 80% of the va's discretionary spending. it is true that the administration decides to spend above the negotiated levels, they would need to make cuts in other levels of the va. that may be what we are seeing happen right now. congress has always meant va's budget requests but i don't think any congress should ever appropriate more money than an agency asks for. therefore, even though i do not have much confidence in this

oit budget, i need to understand in detail how it would be implemented. we need to know whether the special salary rate is accomplishing its objective to recruit superior talent and we need to understand what kind of pressure it is putting on the payroll at oit's overall budget. as we recently saw with the critical skills incentive payment to the bba and dha executives, this pay increase can get out of control. the original purpose can quickly be forgotten and it can be easy to hand out raises with other people's money. i am very concerned that an unstable payroll can undermine recruitment and retention and drive away top talent. strong management would be very important to navigate through the next few years. once again, i want to welcome our witnesses to discuss these important issues. with that, i yield for opening

statements. >> thank you, mr. chairman and thank you for holding this hearing to discuss the i.t.'s budget request for fiscal year 2025. the deferment of veteran affairs is tasked with providing world-class healthcare and benefits to our nation's veterans. it is part of the path that we make with young people when they sign up to serve and defend our nation. however, given the rapidly increasing cost of community care, i am concerned that we are creating a situation where va will have to cannibalize other service lines and programs to pay the bills. unfortunately, in this situation and throughout healthcare, this is one of the most frequent victims. i.t. is the backbone of va. everything they do happens on computers. it is critical that we ensure that this budget properly reflects a commitment to our veterans. during last month's hearing on va's overall budget, we heard about the growth and other parts of va but it appears that

the i.t. budget is not keeping pace. if we are not ensuring that front line staff has appropriate tools to do their job, we are not doing right by our veterans. we have heard horror stories of them taking upwards of 10 minutes for an employee to log into their computer. 10 minutes in this digital era in 2024. that is totally ridiculous. it is a clear symptom of the long-term neglect of the i.t. infrastructure. despite these issues, it appears va is cutting the budget for the infrastructure readiness program by 65%. crucially, the irp was intended to cause chronic neglect of its i.t. infrastructure. i'm afraid this budget request will only handicap the irt's efforts. if we are not irritating these infrastructure, none of the other modernization efforts are likely to be make any

meaningful difference. it is like buying a new sports car and driving it on a dirt road. eventually, it will fall apart. while we are only half of the modernization, i notice there are near 50% cuts to va i.t. monetization budget at a time when there are several major efforts underway. this budget comes slightly to cause major issues. i how the va can keep progress of this veterans management system and digital g.i. bill moving with this budget cut. i hope to hear from cio how this is going to work and perhaps, most importantly, i am concerned about the workforce budget. while there was a modest 5% increase, i am afraid it does not keep pace with the expanded authority to provide special salary rates for its people. i fear supporting those will force oit to decrease the number of people it has,

expecting the i.t. folks to do more work with less people. it is going to have a lasting impact on retention. the pay raises won't be enough to prevent people from resigning. on an opposite note, i will say i am happy to see that the va is increasing its investment in private security. healthcare organizations are prime -- it is critical that bas massive trove of veteran stata, that it has been entrusted with, it is also critical that the va protect its ability to provide care and benefits to veterans. this became incredibly apparent in the aftermath of the healthcare cyber attack. va is still dealing with the fallout of that incident as they attempt to identify what is in use by va. now, it has been more than two months since the breach and we still don't know what, if any data that was exposed. i understand that change wants

to be certain but i am concerned the risk to veterans and their families rose every day that they failed to disclose the impact. we cannot allow this to be decimated by the attack on its va partner. i expect better from the va contractors and hope that this gets justified soon. that said, i would like to think the witnesses for being here today and i look forward to hearing your testimony. >> thank you braking member sheila cherfilus-mccormick. i will now introduce the witnesses on our first and only panel. first on the department of veterans affairs, we have a sick and secretary for information technology. we also have the principal deputy chief information officer, mr. duane beard. finally, we have the oit chief financial officer, mr. tim pitts and the chief people officer mr. nathan tierney. i asked the witnesses to please stand and raise your right hand.

>> do you solemnly swear under penalty of perjury that the testimony about to provide is the truth, the whole truth, and nothing but the truth? thank you and let the record reflect that each of the witnesses have answered in the affirmative. you are now recognized for five minutes to deliver your opening statement on behalf of the va. >> thank you. the first thing i would like to say is we apologize for the lateness of the testimony. i will assure you that it is not through a lack of respect for the committee and a great deal of work went on to create those but you have my apologies for the lack of timeliness. >> chairman rosendale and distinguished members of the subcommittee, thank you for the opportunity to testify on information technology request from the department of veterans affairs and for your long- standing support for veterans and their families. i am accompanied by dewaine

beard , dr. tim puetz and mr. nathan tierney, the chief people officer. va is committed to providing veterans secured digital experience through state-of-the- art technology. technology has become the very foundation of the va's ability to determine on its -- the fiscal year 25 budget provides for va i.t. systems and communication support including $6.2 billion in base discretionary funding. in addition, there is 1.4 alien dollars and mandatory toxic funding to continue the monitoring of -- oit will make focused i.t. investments and cyber security, the i.t. workforce and modernization. the total fy25 budget is $49

million or down by $49 million below the fy24 enacted level. discretionary funding is $169 million or 2.6% below the fiscal year 2024 enacted level. 9.7% above the fiscal year enacted? the fiscal year 25 staffing and administration report services request of $1.686 billion funds 8310 full time employees or fte. that is 160, or 2% ahead of the enacted level. the fy25 budget provides $671 million for cybersecurity and va to accelerate the zero trust acceleration efforts, $118 million or 21% increase in the base funding relative to fiscal year 24 level. oit will bridge the enacted

level in the budget request to ensure consistent report of the initiative. we are practical oit will accelerate investments based on the operating plan and scale back other investments in technology roadmap. this ensures we have an investment plan imbalances resources with key initiatives to support continuity of veteran healthcare and benefits to represent the consistent strategy over the years. to successfully execute on the budget, va will continue to manage its i.t. budget with transparency. oit is taking a critical look at all legacy projects, establish projects and newly proposed programs as well. we are evaluating the values of those projects bringing and determining if those funds can better be used elsewhere, especially in areas of i.t. modernization, cybersecurity and i.t. workforce which are vital in maintaining bas digital transformation efforts in pursuit of more efficient and impactful service delivery to

our veterans. it is that funding from congress that is instrumental in furthering the i.t. modernization efforts. oit is exercising extreme discipline in allocating investments and ensuring a strong investment relative to toxic exposure when modernizing related i.t. systems. we recognize the necessity of trade-offs and remain committed to the strategic -- strategically scrutinizing where we deploy those investments. when veterans levers technology axis to be a services, they trust that the underlying digital ecosystem is safe, reliable, and secure. for this reason, oit has remained cybersecurity as a priority through 2025. this will help us to deliver a robust and resilient security posture to the 9 million veterans using va care and benefits and hundreds of thousands of va employees and contractors who access the network every day. is va prioritizes the investment, we must also recruit, retain, and upscale current i.t.

workforce for over 8000 individuals. the va is working hard to monetize this with targeted strategy. these include hiring cybersecurity, artificial intelligence, continuously developing incentives and focused field staff expansion to support veteran health and benefits. i.t. modernization is essential for achieving our goals at the 21st century and the va. where va stands in the forefront of delivering better and seamless digital experience, the va will prioritize these funds in the most essential modernization initiatives that bolster the department's ability to serve veterans. the model of addressing i.t. improvements incrementally, rather it be a large system replacement project will help us manage i.t. spending, reduce polar ability to cyber threats and strategically scale i.t. modernization. chairman rosendale and members of the subcommittee, i want to thank you for allowing us to appear today. we become responsible stewards

and committed to maximizing investments to the da enterprise. i look forward to continuing to work with you in this subcommittee to address the greatest priorities of digital transformation in fiscal year 25. that concludes my testimony and i look forward to answering your questions. >> many the written statement will be entered into the record. we will now proceed to questioning and i will recognize myself for five minutes. when everything is factored in, the white house's budget for oit amounts to a 3.3% cut, which i mentioned in my opening statement. within that development it is being cut by 99%. operation and maintenance is cut and imposed by the toxic exposure fund. staffing is increasing by about 5%. do you see a budget request and what are the consequences of that going, as far as you said? the integration of healthcare and its reliance on oit?

>> thank you for the question. as you know, and everybody knows from their own experiences, the budgets are accounting for things that involve trade-offs, investments here in modulation there. the financial responsibility act certainly creates an overall top level budget that we need to respect. we think there are difficult choices that have to be across the entire administration. i respect the challenges of making those cuts. >> how is that going to impact the delivery of healthcare and this integration of the information and the benefits that the veterans have earned? >> it will require rest -- it is a challenging budget for us. i will say that up front. it will require us to be very

focused in where we invest. we have taken the initiatives that the administration overall wants to focus on and we agree with those initiatives. the areas like cybersecurity, we are full stream because that is critical in the complexity of our organization, particularly the growing threat actors, sophistication. at the same time, what we will have to do is take the modernization funds and judiciously allocate those against the highest priority projects that we have. my goal, and i think this is accomplished, we will not hamper veteran care to develop this but i will tell you, we will have to be very targeted in our investment. >> 40, 60, 99% cuts in the areas of i.t. that are going to be instrumental in making sure that we have smooth delivery of those services. i think you have more than a challenge. again, it seems like we are shifting it over. we are letting the cuts fall heavily on the development subaccount. how was that decision made? >> is that something that you make?

is that something that you make these recommendations? >> thank you for the question. moving over to hr, it is not a significant move. >> we will go into that later on. >> how was that decision made on this funding being stripped away? >> as you know, we submit a budget to the administration and there is a back-and-forth project. >> the initial submittal you made to the administration, did it reflect that reduction? >> it did not. >> by 99%? >> did not. >> what was the initial reduction you recommended? >> i would have to take that for the record. >> please do. i would like to know without original reduction -- >> if i may -- back let me move on. who decided to spend nearly all the toxic exposure fund dollars on operation and maintenance but zero on development? was this another one of your decisions? >> no. i am glad you asked that.

i want to clarify the distinction between development and maintenance is actually a little bit more sophisticated then the terms apply. we can do a lot of development under what would be called a maintenance budget because those are programs that -- >> that is great but i have sheets here that show -- i have to go by the spreadsheet, okay? again, who decided that nearly all the toxic exposure fund dollars on operation and maintenance but zero on development? >> that is what i was trying to explain. because systems like this are established programs, we are enabled to do -- you might -- >> are you telling me that you are using funds for development that most people i thinking are going to be used for operation and maintenance? >> not exactly. i am saying that what is defined as maintenance, others may think a best of element because it is an established program. >> i am going by the

spreadsheet. does the spreadsheet reflect the information that is not accurate and that you are moving funds into development that are supposed to go to operation and maintenance? >> it absolutely does not. >> okay. we are talking about the same thing. who made that decision about operations and maintenance and then zero going to develop and? >> thank you for the question. i believe that the investments we are doing on the benefit side, things to the funds, are very robust and strong and i feel very good about that. through the use of the funds in the appropriate way, as i said, my testimony -- you are telling me that we don't understand how the funds are being spent? i have a spreadsheet that says operation and maintenance and i have a spreadsheet that says development. you are either spending it on development or you are not. if you are telling me that you're moving some of these funds around, clearly you are not. with that, i'm going to yield to ranking member sheila cherfilus-mccormick. >> thank you. my first question is for mr.

delbene. how do you explain the difference in information technology? >> i think that there are requirements across the va and where money has to be spent. there is an increase in demand, an increase in terms of benefits. it is a balancing act. we have to figure out where we will spend the money and not. we will figure out -- we already have planning in place to figure out how to live within the budget we have. as i said, we have to make some very strict trade-offs. i will also say i am proud of how the teams have come together to have a clear prioritization scheme that they use. where is before we may have been allocating to a project that may not have been -- i feel very good that going into the 25 budget we will be able to assign the dollars to those most pressing needs. >> do you think that the budget request is sufficient for the

i.t. requirements today and into the future? >> i do think that we will be able to address the critical projects that we need to address in fy25 for this budget. having said that, we are making trade-offs that will not work well were sustain us. >> one of them, if i may, is the modernization fund, which you mentioned in your opening statements. that is, we are at a reduced level this year but that will have to be puffed up in future years because you cannot just continue to be at the lower level in terms of your modernization funds. >> that is my next question. there are several major i.t. monetization underway. i was quite surprised that the drastic cuts to the modernization budget, especially since we have had a hearing last month with another major modernization effort in the work. is this budget request is sufficient to keep all of these

efforts moving forward at their expected pace? >> i think we will have to make some trade-offs and we will have to figure out where we reduce the funding. i think we get a lot -- there is a lot of projects in place. they come up every day. you all want the systems to do new things. we have to figure out development plans. the only way we get through is through very strict prioritization of the work we do. >> do you know of any projects offhand that are being traded off? >> the one in particular is, if you take the four your typical lifecycle of a computer, that is about $150 million. it would take the annual spend at the current rate of pcs. that will be reduced fairly significantly, i think, to the $15-$20 million level. we will replace pcs less frequently as a result. that is what my point is. we can continue to do that every year but with some of the funding we have got recently and the fact that it has been

updated, we can do that for one year and make that true but we will have to be diligent about it in future years. >> what would be the impact on programs? with this budget caused delays? >> we are looking at that right now. it remains a priority for us and we are going to have to figure out the right funding to get there. >> how will these cuts impact the broader oit mission? >> we intend for it not to impact the broad mission. we intend for it to be strict in our allocation of resources so that it does not impact the administrative services for the agencies. >> my next question is going to be for mr. tim puetz. while i was grateful to see the 20% increase in the cybersecurity funding, va remains one of the lowest in cyber security funding in the federal government . va also holds a large amount of persons health information and personal identifiable information. can you explain this disparity?

>> the investment in cybersecurity in -- from fiscal year 24 to fiscal year 25 resulted -- give me one moment, please. resulted in a >> so, they go hand in hand.

the intent is to continue to move cybersecurity in the right direction. he needs to go. >> i will come back in my next question and, thank you. >> i will now yield five minutes to represent itself. >> i would like to delve into some of the i.t. issues. we have had the change healthcare hack in the last few years, how familiar are you with the executive order 14 zero 28? it is basically improving the nation's cybersecurity. >> i'm very familiar with that. >> describe how your office followed that playbook following these cyber attacks. >> i will do it quickly.

basically it prescribes that we should following zero trust model. what that says is that you can't trust your perimeter to be a hardened defense against attackers. it has to be a multipronged strategy. we have been working on that model for the past two years that i've been here. not just with change healthcare, we have been looking at that well before. i think change healthcare in the microsoft packs do show the vulnerability that the entire industry has. they do draw concerns. >> so when did the change healthcare and microsoft start reporting and that they report everything required for these two hacks? >> i can't say that they reported everything required, i will say that we expressed

leadership with the companies that were disappointed at the transparency and speed with which they have it delivered information to us. >> you may remember that the healthcare said there was a substantial portion of the people of america that may have been impacted. in fact, you notified 15 million veterans that they could have been impacted. i think we have the same problem that they had with watergate some 50 years ago. what did they know and when did they know it? today we still don't know what we don't know, is that a correct statement? >> it is different between chc and microsoft, microsoft is actually scanned through the data at least an hour portion of transactions and emails and told us what they have found in

its entirety. chc has not done that yet. we have been pushing very hard. they basically said, we believe they should be able to tell us what portion of us of folks if they are veterans, we suspect that there are. >> you suspected microsoft, the review board which was established that the executive order that we were just discussing completed that microsoft submitted a cascade of security failures and that the company security culture needs an overhaul. did you communicate with anyone at microsoft about the exchange hack? and if so, what did you discuss? >> we did and i was in that meeting as well and we spoke with our executive representative, paul who i know from my microsoft days and i will say that we were very blunt and direct with them

about needing information from them. i am not here to defend microsoft. i think for them to get hacked in this way is a very concerning way. >> did you report -- >> i now yield five minutes to represent -- as we transition to the next round here, i just want to give you the opportunity to talk through things that you felt like wasn't covered and he wanted to make sure that it was clear, so please use this time just to clarify and express the intent here which is to make the argument for these investments understanding to the chairs

point, the real trade-off in appreciating the trade off which i suspect you all do. >> thank you for the question. i would say that the major theme here is that folks need to work within budgets. there are things we can deal with more funds, but we will work within the budget and i am proud of the fact that we have a team now that can actually do that kind of math and prioritization. that is the way we work every day. we have a one to endless, the first tie is priority followed by the 150th looks exactly like this. that is the capability that allows us to be able to work within an environment that is more fiscally off. there is more we can do, there is more i would like to do but

i respect and understand where we are and i support it. i would like to talk specifically about the special salary rate which has had a significant impact so maybe i will pass it over to our chief officer and have him speak a little bit about that. >> thank you, sir. to take a step back, whether in industry and government, what does it take to get somebody to join the team? what we found is that government is no different than the private sector and the compensation was the top attraction. the second one followed by that is work-life balance. the third is actually career and element growth.

we partnered with four other federal agencies to figure out is there in fact a pay gap and what we resulted in was that there was a pay gap about 66%. what this means for all of you is that if i want to hire a software developer and the federal government, i can't pay them enough to get somebody to come out of amazon, mehta, whatever other tech organization. we had to do something. we prepared the analysis and submitted it june 2023 and they approved the special salary rate with all of the tables that we submitted. from that, we implemented using the authorities, here's why this is important. it is the top attraction. as a result of this in the past nine months, we have had an 80% increase in technical

applicants. we have had 48% fewer re- announcements which means i don't have to pay the cost on the. we've had 64% less separations, 56% less retirements. this is important to us because almost 30% of our workforce is retirement eligible today. when we talk about some of these systems we have to keep those people. not only has it helped us in the retention front, it has also helped us in the attraction front and recruiting top-tier talent to allow us to be a competitor. we are continuing to monitor. i just wanted to say thank you for your support of being the best in i.t. . >> thank you, i appreciate it. >> talking about priorities, i was really glad to hear that because we all have to prioritize the work that we do

you are well aware of the troubles that they had in the related systems over the past year. this budget request cuts the funding by $22 million or 21%. please explain to me the logic about that and how do you intend to provide the fixes for the improvements that need to be made? >> thanks for the question. there is prioritization of the budget overall but then there is within each project what you choose to focus on. we have talked to you about the challenges that we've had in those become the first and most critical things we do. i have been super consistent with the team. cybersecurity, you do those as a baseline before you think about adding new features. >> the problem that we had wasn't in cybersecurity.

i truly do appreciate the investments that's being made in cybersecurity to make sure that we protect our veterans privacy and all of their data and information. what i have been saying as we have been hearing massive problems and it has a very necessary need in fixes and improvements. explained to me how we are going to do that with a 21% cut . >> we think of certain things as must haves. cybersecurity is another example of a must-have. there were mediations around tracking and making sure that we don't have those problems again, those are must haves. what it will impact is the speed in which we deliver new features and new capabilities into that project we have to reduce by that amount. >> basically you're going to focus on actually preparing the

system? >> we will make sure first and foremost that it functions possibly -- properly. >> it seems to prioritize salaries over everything else. in black and white, that's what it looks like to us. i want to get into that. but first, on the contract, are they taking any cuts under this budget request and if so, who, and how much? >> when we do a contract there are established hourly rates. those are already in place and there based on what the market will bear. i don't think we would be effective in kneading strong contractors if the rates were not successful and not at the right place. >> you're telling me that you are not proposing any reductions in the contracts? >> i didn't say that. >> that's what i'm trying to get up. we need to have plain language here.

are you proposing any reductions in the contracts or contract wars and if so, who and how much? >> as you know we use contractors quite a bit. it won't be a necessity at the amount that we get for most contractors, it will have to reduce in order for us to meet the level of budget. >> will you be able to provide to this committee the contractors that you propose reductions to and who and how much you propose those reductions? >> we need to be engaged, which we are with your staff and exactly where our dollars are going to across the year and we are happy to provide the on an ongoing basis. it's going to be things that are made day today, week to week. this particular project, we can't do all of this we are going to have to do this much but we are happy to share all of that with you. i believe in radical transparency. >> i'm confident there will be reductions. >> i look forward to seeing

those reductions and who they are actually being propose to >> please explain what that entails, how many people were covered, how are they chosen, how large is it the amount that that was awarded out and how much does it cost and what is the purpose for it? >> thank you very much for the question, the purpose behind the special salary rate was to close the pay gap between industry and federal government to retract and retain top-tier talent. ai specialists, cybersecurity, software developers. that's what the purpose of it was. on average, it close the pay gap by half. it closes a by about 30%. each employee of the i.t. specialist series received a

special salary. that's how it was designed to do it in on average i believe that was a 17% pay increase for those i.t. specialists that we had. >> this is the existing stand? just clarifying. >> yes sir. >> i do want to mention that there is a cap of pay that still limits them, they are still capped at the max. and how many of the staff receive that pay increase. >> i can take the numbers from the record to try to get it to you. if i can give you an estimate it is about 7000 employees. >> clearly that wasn't used for improvement, that was the folks that were already there. >> they were existing employees . >> yes sir. and now we have about just over 8000 on board so the thousand that we have been -- my time is now expired. >> thank you i would like to

redirect my previous question. pretty much what i'm asking is that the 20% increase for cybersecurity is impressive and we're happy about that, but it is still the lowest funding throughout the whole federal government for cybersecurity and the va holds large amounts of personal information and personal identifiable information. what is the information that you have? >> thanks for the question. i don't think i can speak to the path of how we got here, i will say a couple of things, one, and happy about the increase as you mentioned the first thing is just to do better in terms of our certification when a system comes up for review, making sure people

really do a good analysis. >> i'm sorry to interrupt you, my question really is if we are looking at other government agencies, this is still the lowest amount of funding for cybersecurity. what is the disparity between other agencies and the va because that is still a low number. is your answering that, that could be my second question also. to think it is adequate or do you think we are moving toward a more adequate number? >> i think we are definitely moving toward a more adequate number. i don't think any person in my position would say it is adequate. i have a very healthy concern for cybersecurity, i can't speak to how others are using it. when i was using other parts of the government, i will say we are kind of laser focused on doing a risk-based analysis. we do exercises to figure out how people can actually attack ourselves.

if you look at this risk versus this risk which is the one you're really worried about, that is something that you have to drive into every employee saying this is everybody's responsibility to make sure that the systems that you review and that you manage are secure which means you should be paranoid about where the points of vulnerability and you should be able to raise those to the team at large. >> do you feel that the current funding request for cybersecurity is adequate to address the issues and protecting the critical i.t. program? >> i don't think anybody in my position says that they wouldn't want more money, i would certainly want more money for cybersecurity as well. i will also say we don't put that investment everywhere in the same way so we look at places where there are things like veterans data and we focus there as well as one of the high-risk areas. >> do you feel it is adequate is my question? >> i believe we will be able to work with the funding that is

in the budget. >> how have the recent impacts on ransom attacks it changed your perception on the need for increased cybersecurity funding? >> they have reinforced that with me, i'm not new to the industry and i have seen these kinds of attacks before. etiquette just brings home the importance of us having very structured and sophisticated cybersecurity program. >> i was concerned to see that only dedication of funds would be directed toward standard operations and maintenance. i worry that this is keeping the lights on budget and will actually be more destructive and delay the modernization of va healthcare and i.t. infrastructure. with this budget, how would we be working to bring groundbreaking technology to benefit veterans while also

valuing veterans privacy. >> on investment i will highlight and probably passover to mr. beard, i think we are investing and the budget has money set aside for ai, there are huge opportunities for us to transform the experience for veterans in the ai space and aiding doctors and being more effective with their time for example but let me passover to the data question more broadly. >> thank you for the interest in data. what we were focusing on is the reuse of data. we have a lot of data assets. we're really focused on data sharing. it is part of our ongoing development sustainment efforts. focusing on the key infrastructure portions that

support the data strategy. platforms, data lakes, data breaks. these have already been in our budget and we are sustaining those. those trajectories continuing our budget, we will be able to sustain the work we are doing inconsistent authoritative data and reuse within our environment . >> thank you very much. five more minutes. >> thank you mr. chairman. because of your long history with microsoft, you had -- now that you have served for two years, are there any restrictions in your waiver that no longer apply? >> thank you for the question, i am able to speak to members of microsoft in a place that i

am not strictly part of the ethics, it is always good practice of me not reaching out to anybody. i should do that with other folks involved, such as our strategic sourcing organization and then i will not be involved in discussions around business relationships with microsoft. so, mr. beard takes over on those mostly. >> let's dive in to the words. it allows you to participate in particular matters of ability. it does not allow you to participate in particular matters involving specific parties affecting microsoft. that is some pretty dense language. can you quickly explain to us what that means? >> i can tell you what i believe it means. i think we have over exercise beyond that as well. i have not spoken to my past colleagues in the past 2+ years. we said that is the safest thing for us to do. what it does say is that in

general compute capability questions like how the windows functions, that is a general thing. i could engage in the discussion around where should that go in terms of the particular capability, i would never engage in a question like should we purchase the software from microsoft or another one? that would be a specific situation where i would absolutely not be involved. >> who decides if it is a particular matter of general applicability or the other where you need to accuse yourself, who makes that determination? >> in most cases, just not involved at all. just generally speaking, officer general counsel. if i may just to finish, we have an office of strategic sourcing with rolando jones who runs that organization pictures

very diligent about making sure that i'm following the confines . >> how many times have you recuse yourself? >> i haven't officially but i have basically said i am staying away from anything business related to microsoft. >> one more question, so you have no documentation of any recusal's? >> i have these business relationships have never been in my hands. they have always been moved in mr. beard's hands. i have had no need to actually recuse myself on paper. i've been involved in no business with microsoft since i joined this organization. >> that is correct, sir. i am the agency official that handles all matters related to microsoft securement. only if there is an operational issue in the morning, something is broken overnight, he leads all of the issues.

anything but fears anywhere close to sales or use of its contract services, those are exclusively mine. i handle them completely. >> would you say that you can cause directly or indirectly the purchase of any microsoft product? >> i would say i cannot. i have been very disciplined about it. i will tell you that the main thing that i've done the past 2 1/2 years has been very hard on microsoft whenever they've had an operational issue. >> meaning what? >> they are in these meetings and i call them to task when they haven't performed the way that we expect them to. >> a couple of scenarios, where my going here? >> he actually has very little knowledge of that because i run the. each of the executives that

report to me are part of a board of experts considering how we use microsoft products and other products to deliver products for veterans. >> have you ever participated in any meetings or conversations referencing the microsoft governance? no. not on any business whatsoever, i may have been in a meeting, i have not been involved in any of the business relationships in microsoft at all. >> mr. chairman, i yield back, the time is up. >> i will now recognize representative landsman. >> of peace, you had talked about the pay and equities and

we are seeing this across federal agencies and government in general just having a hard time keeping pace with private sector wages and as a result just not being able to get the workforce that we need and you've mentioned the work that you all have done and when he reached out, work-life balance matters, i think you said growth was up there. we've heard that one of the issues has to do with the time it takes when somebody applies for a job to when you ultimately make the offer, i don't know if this is true or not but in my head i have six months, let's see if

you can imagine if you are an engineer and you are somebody who has multiple opportunities, that is going to be an issue. pay is a piece but if it takes six months to hear back you may have lost a lot of talent in that period of time. two questions, is not an accurate assessment? if not, please set the record straight. if it is an issue, whether it is six months or shorter or longer, what can we do to be helpful? what are you all doing that is, should give us hope and do you need this committee to take some action to expedite that so that it isn't an issue if in fact it is? >> that is a great question. is set for a technologist who is looking for a job within 10 days they have three job offers. our average temp to hire was

146 days. so recently they did not have their hr authorities, we are about to give -- get our hr authorities. that helps us in our ability to retain talent. let me be specific. my other title says the chief myth busting officer and i say this is why you want to come work for us. i am a retired veteran. we have the opportunity to be veterans like myself and that matters. the time off and the products we're working on in healthcare data, the cyber security. and then i feel the questions. the second thing we've done is that we've optimize the search criteria, we have leveraged

data now to source and in person hiring event and we have let that with the advance and that's yielded how we grow the staff. >> those are pretty certain numbers. the 10 days for the average engineer, will what you just talked about get the 140 down if so to one. in is there a way to get it done to 10? >> the deal is i lose credibility. by source into a job and can give you a job offer on the spot that's not cool. i think i can get this reduced down significantly, give me an opportunity to try.

i think it would be very helpful for the committee to track this with you, salary is tough. obviously we have to be competitive with budget restrictions. and work-life balance is obviously something that you have to be able to sell growth. it is doable, i think it would be very helpful to see where we are? every 90 days, whatever you think is appropriate, if it is 140 now, what will it be in 90 days? >> to hire employees from silicon valley, i believe you said in the press that you have

to manage 1000 employees, how many of those people were hired through this campaign? >> sir, we have about 434 hired. i would like to caveat that, that was substantially tough on our team. that meant i can't post my own job announcement and can't do my own technical evaluation to determine that yeah, they are qualified. >> that was when he made his statement about what his goal was. >> it wouldn't change, the process when change. the process was in place, you set your goal. >> what is the average tenure of your current oit employees?

>> i believe the average is six years. >> how many employees how many of those employees were hired since 2022 with the special salary rate created? >> total, i believe this fiscal year has been for 64, in totality i think we have been at 1000. we are hard -- we have hired since july -- >> let me make sure i understand this.

>> is that accurate, 85% employees received the increases . >> just new employees. >> that's fine. i just want to make sure that we are really clear that 85% of the existing folks who have a tenure of about 16 years received a 17% increase. mr. delbene, i understand your objective to use a special salary rate to make oit a more attractive place to work and recruit more talent, i get it. that doesn't seem to be what happened. >> we brought in 400 people, the average tenure is 16 years. >> we have made progress in one year and we will make progress in next. >> we have also implemented a freeze and when people leave we

are not bringing more employees in? >> because of the tightness of headcount, we evaluate every position as it becomes available. be mike i want to make sure it is clear. the employees deserve that increase as well. these are people that are committed -- >> mr. delbene, i am not arguing that. what i'm trying to do is to make sure that the general public that's watching this understands that there are things being done to drive a lot of your budget into the hr department. mr. delbene -- >> a lot of money is being driven into the hr department and we are starting to starve the very purpose of your department which is technology. what you are doing is betting on

we are plus thing up hr, we are creating a long-term. >> you may continue. >> thank you, the ss are is not a significant portion of my budget how are you going to, is there enough money adequate for mitigating and preventing future attacks?

like the one we saw that would change healthcare in february? >> i'm not trying to avoid the question, i don't think there's ever, you can take an amount and say as a result of that amount that would have prevented every potential incursion, some of the stuff that we do doesn't actually require incremental investment. they would like more for cybersecurity and i would say that too. i'm very happy that we are making incremental investments. i was just telling my team before the first thing you need to do and don't do any new features -- regardless it is the top priority. >> since the budget is focusing on maintaining and keeping everything intact, if there is a cyber attack, is there any money there to mitigate? >> to mitigate any cyber attacks.

>> if you are in the middle of an incident, it's all hands on deck -- >> we would basically stop a lot of stuff. the mitigation would be the number one thing we would do. >> making improvements -- >> that is a complicated question. i think that is very broad and compliance exercise than it is a risk based analysis we have the greatest risk. everybody listening to this question is to get more focused on where the biggest risks are. it's become super easy to find those places of weakness by the numbers, what we focus on with this area, i look through what

they found and say which were the ones that care about the impact and security in particular those are the ones that we focus on for the team. there is a bunch of other stuff , strictly speaking, you got me. i will also say that historically we are an organization that has a lot that did everything by policy and not risk analysis. not all of that policy can actually be implemented universally and not all the policy is necessary in terms of being the higher risk things. we have shifted toward the analysis of real risk that could potentially lead to an attack. >> what resources do you need to gain ground in this area? >> it is a mixture of resources. the information security officer is probably the boots on the ground that need to look at each and every system. i need to upscale those folks and they are energized to do so. they need to do the first point

of contact that says, anderson my system in the gaps in my system. the other place that i've really push hard on is having external people try to come into the system and against our knowledge will be monitoring everything as we do. but they are called red teams. i believe a lot that red teams are an important part of the security posture. also very expensive resources. the funds available in the budget for things like red teams . >> i am never happy with our cyber posture. any good cio would tell you the same. >> i fillet is increased or decreased? >> i think under hard to say it is a subjective member. >> thank you, i yield back.

>> mr. delbene, you have told us that there are microsoft executives in morning meetings. you have told us that you have been tough on an actual contract performance, you have told us that there has been no official recusal. you have told us that there is no documentation of any official recusal. if not indirect or not direct influence, from what you have told us this afternoon. >> i am highly confident i have had no impact i am talking

about influence over contracts. it would not be objective, relative to the commitment i just don't accept. >> you have testified to this, mr. chairman, i yield back. >> how much has it been reduced since the special salary rate went into effect.

we believe that number goes to 8310. do you want to confirm that? >> that is correct. >> so -- >> i apologize, maybe i'm not understanding the question. what you are doing with your ftes, it has been reduced since the special salary rate went into effect, has it not? >> yes, yes it has. let me get the numbers. >> we reduced approximately 800 people based on what the official cost would be. it was 140 160 million dollars to drive that 17%

>> i'm just trying to get the ftes that you have reflected in your budget . before they went into place, i understand what is actually there at any given day fluctuates. you have asked for reduction. >> at the time that we made the determination, we did not have the based on funds availability. they talked through the trade- offs and intentionally we decided as a team that we were going to go for implementation of the special salary rate. we

didn't have bodies and those so nobody was rift. the new equipment, printers, commuters, they do not deploy themselves that hospitals and clinics around the country. we need talented staff out on the field. we think through these issues and we work very hard to make solid trade-offs. there was going to be an additional demand.

all of the administrative process that was going to be generated, that is what we were told. >> you issued a memo setting a headcount to restrict new hiring. what was the special salary count that went into effect? what was a headcount rate? >> for the fiscal year of july 2023, i had to confirm that number, we were shooting for 8600 -- >> 8668? okay, this is where i'm trying

to appeal this. we are being told is a committee that we are going to need these additional sales. i understand compensating people properly. i understand trying to attract talent. what we are being told is that we have to have these additional ftes what is 8150 certain. >> the oit budget request for 24 are 8243 +139 from the toxic exposure fund. that is 83-82 -- 8382. there are 8405 +139 from the toxic exposure fund. that is 8544. that is what is in the budget request. how do you reconcile these numbers with the authorize headcount in the memo?

>> let's go back and work with your staff to get you the numbers that you are looking for. >> the budget request, it's looking at 8382. we have a memo that shows that you're trying to hold it at 8150. 83, whatever that number is is what's in the budget. >> it appears that rather than expanding the workforce that the offices struggling to afford the special salary rate the payroll is continuing to grow as the workforce itself is shrinking. we get these demands saying

that we have to have the additional cell. >> the request is fairly modest in this budget, i will say that the staff hasn't shrunk. you mention the memo that nate put out basically went through the process of how you get the possession reapproved. that is the goal is to shape and put the headcount where it is most impactful to the mission. i do think we have an opportunity to take some of the particular roles that are less impactful and as a turnover, put them on jobs that are more impactful for the organization. i will also say, i would do the special salary rate again even if we have to we have to pay people appropriately. >> i appreciate that, i am well over my time and i apologize but the fact of the matter is, i'm very concerned that you are directing all of these funds into hr, you are starving these other sections, and then you're going to come back and ask for

a supplemental and these funds that you are describing. with that, i yield to cherfilus- mccormick . >> this subcommittee has been paying close attention. i am concerned when i saw the 65% cut to the readiness program, it is hard to see this prioritization return. how is the infrastructure impacting the work of the frontline staff? >> i think as i said earlier i don't think the reduction that we would have done to the information or the infrastructure readiness program can be sustained over multiple years. i actually think we will be okay for this one year in the budget because we have made investments leading up to that. there was a comment made earlier for about 10 minutes.

we have statistics on the boot time for all pcs every day. that i don't even know that that is, we talk about long times, we talk about five minutes which i'm happy with. they are not as significant as what was implied. the performance and the users, right now end-users are pretty happy with the pcs and the computer experience, that in terms of their customer satisfaction i think will be okay. >> how would it impact the years of neglect? >> with this we will have to push out some modernization. that is a challenge we are going to live with. >> and what is your plan to get it back on track?

>> i think because we've had multiple years where it's been in good shape, i think we are okay. i will have to come with you all to say that is a number that we can't cut again. you have my commitment that i will come back to you with that sort of an ask. >> with abby next year's budget, the following year? >> i don't think i would support a sustainment of that cut over multiple years. >> i think we can deal with that with this year, yes. >> thank you, i yield back >> that brings us to the conclusion of our hearing, would you like us to -- i will go into closing statements. >> thank you, i appreciate the testimony and answers from our witnesses this afternoon. our time today has been important to highlight an expansive but often underrecognized expansion. i have serious concerns that the budget we have discussed today when primarily focused on

keeping the lights on will diminish the va's ability to be effective in its mission. i worry that by not prioritizing the va's aging infrastructure, we are doing a disservice to veterans as well as those faithful servants dedicated to bas numerous modernization efforts like the bms and digital g.i. bill. i look forward to working with the chairman and va to ensure that the va is more prepared for the future. lastly, i would like to add something to the chairman's remarks regarding the timeliness of the va's testimony. i don't want to speak out of turn, but i think one common goal is to strive for transparency. receiving the testimony for this hearing, a mere three hours before we

begin is not productive to a collaborative or transparent conversation. i hope we can work forward in improving communication moving forward. thank you so much and i yield back. >> thank you very much. i want to thank our witnesses for joining us this afternoon. i don't think that anyone in this room believes that the va technology request will be helpful or improve service for our veterans. the administration will allocate the amount of money to other parts of the va. i can understand that. it is extremely disappointing that whoever wrote this budget request designed the cuts of the most lopsided damaging way possible. this is not a haircut, this is a lobotomy to a few of the offices core capabilities. i would like to see a successful project get rewarded and failing projects be terminated. slashing half of the funding for some of the key systems that have been struggling is a recipe for disaster. it is also disappointing that the toxic exposure fund is

merely being used to plug budget holes when the bureaucracy finds it convenient, not to boost the va's ability to serve toxic exposed veterans as congress intended. and i have already been in conversations with my colleagues to have that conversation. i'm very concerned that the special salary rate which may have been well intended will become completely unaffordable when combined with this budget and undermine the organization. this situation risks spinning out of control. i'm not going to tolerate the va work force being hollowed out or the contractors escaping untouched. i will be waiting to hear that information from you as well. the subcommittee will keep a close eye on oit budget and management over the course of this year. we expect to va to deliver the modern user-friendly tolls to help veterans access the care and benefits that they have earned. we can't let the

bureaucratic politics in washington get in the way of it. i asked consent that all members have five legislative days to extend the remarks. with no objection, this hearing is adjourned.