When Bernard “Bud” Barton was hired as the Chief Information Officer (CIO) for the Library of Congress in September 2015, he had his work cut out for him. That spring, the U.S. Government Accountability Office (GAO) had released a report, “Library of Congress: Strong Leadership Needed to Address Serious Information Technology Management Weaknesses,” following an 11-month audit.

The agency reported that the Library of Congress did not have an IT strategic plan, it wasn’t effectively managing its IT investments, its information security and privacy practices were deficient, its Information Technology Services (ITS) division wasn’t providing satisfactory service to operating units such as the Copyright Office, and that the library did not currently have anyone in a leadership role who could address these weaknesses. (The former CIO was in an interim role and did “not have adequate authority over or oversight of the Library’s IT,” the report noted.)

When Barton was hired from his former position as CIO of the U.S. Department of Defense’s Defense Technical Information Center, he was faced with the GAO’s list of 31 recommendations to overhaul and modernize the library’s IT infrastructure. Five years later, those recommendations have been implemented. LJ caught up with Barton to discuss his team's work, and what’s ahead as the Library of Congress continues to modernize its IT.

LJ:  In 2015, the GAO audit presented the Library of Congress with a substantial list of issues to address, including the need to hire a permanent CIO. What drew you to this challenging role?

Bud Barton:  I’ve been in IT most of my adult career. The natural progression from an introduction to IT, going up from a service desk, to managing servers, to being a manager of IT professionals, to being in charge of certain areas of technology. CIO is typically thought of as the top of the career field, and the Library of Congress presents such an opportunity for a CIO to use all of the skills that you generate through that career progression.

The breadth of technologies necessary [was appealing]. Especially when you consider that not only are we providing library IT services, but we are also home to the Copyright Office and the Congressional Research Service, and both of those organizations have very different types of technology needs than a typical research library. It was a natural draw to me to take what I had learned and begin to apply those capabilities in a much broader [institution].

What were the biggest challenges that needed to be addressed when you assumed the role?

The Library of Congress had always been considered a leader in innovation when it came to technology. I observed that when I came in. The challenge was, they approached it not from an IT industry perspective. It was really smart people using technology that they became familiar with through interacting with others in the library field, to improve how they were delivering services. That approach worked early in the IT era.

Once we got into a place where there were much more sophisticated hackers, nation-states that were trying to do things that we would rather they didn’t do, it became much more necessary to look at things from an IT profession perspective, while at the same time not losing that focus on the library services [technology] capabilities that were needed. So, it was really challenging to make sure we didn’t give up that in-house innovation attitude that got the library where it had been—developing the MARC system, developing databases that were leading edge at the time they were developed beginning in the 1980s. To professionalize that outlook on how things should be delivered, without losing that internal specialization…was what was needed.

In an interview you did shortly after starting your new role, you mentioned that the library’s storage needs would be a major challenge. What is the state of that now?

Every 18 months for the past 16 years or so, the library’s requirements for storage have doubled. You can easily project out what the amount of storage is going to have to be. We’ll be in exabytes [1,024,000 terabytes] of storage for the library in a very short period of time. The amount of storage that we use to provide services that the public or Congress have access to right now doesn’t include our backups or our development type of storage. We’re almost at 100 petabytes [102,400 terabytes] right now with that type of storage [for services].

The volume of storage…is one challenge. Another challenge, which the IT industry is having to address, is formats of storage—spinning magnetic disks versus solid state drives versus optical storage. What is going to be the most permanent way to store data—which is something obviously libraries are very interested in. We don't want something that's going to degrade over a period of years. Otherwise you're going to be investing a lot of money every few years to refresh your storage capability. So we like to think more in terms of decades. And I think we're to that point where we've been able to address that. We're using multiple types of storage media to meet the needs based on a lot of different factors.

But storage was certainly a huge factor that we had to consider early on [in responding to GAO’s recommendations]. That would be part of the optimization phase.

What were these phases for the modernization plan?

We tried to break this up into three major phases—stabilization, optimization, and modernization—and we've been pretty successful with that. There's some overlap, as you can imagine.

The stabilization phase is about taking our existing technologies and making sure they were performing at a suitable level to accomplish what they were intended to accomplish. So, in the case of storage, making sure that the storage media was current, that it was optimized from a usability perspective. And then making sure that as things were coming to end of life, we were doing what was necessary to make sure [storage media] did not degrade any further as we were doing the next piece, which was the optimization phase. Putting in place processes and procedures to make sure that the capabilities that we had, from an IT perspective, were being used most effectively. That revolves around having fewer types of applications that do very similar types of things. As you can imagine, a database that you can search and find catalog content on, if you have 200 of those databases there’s a lot more maintenance and activities that that have to take place, as opposed to if you only have 10 or 12.

The modernization gets into this state of “is there a better way to do what we've been doing all along?” We've come a long way. I would the use the Copyright Office as our primary model. We're pretty far along in the modernization efforts of what we call our Enterprise Copyright System. That’s coming along really well. It’s very integrated with the library as far as content is concerned. And we’re trying to make sure that both of those missions—the Copyright Office mission and the library mission as it relates to copyright—are using the most current, proven technology….

One of my core beliefs is that, in an optimum environment, IT will essentially not be visible to the end users…. But getting there has been a bit of a challenge. We’ve had to make IT [temporarily] very visible, very up front in our planning, decision making, and especially funding efforts over the past several years. It’s my hope that, as we develop a sustainable model, it’s clear whenever you want to put an investment in up front, that there’s going to be a requirement to maintain that investment over a period of time. Once we have that established as a habit for the organization, I believe IT itself will be able to fade back and be there as a support mechanism…which is where it should be, in my opinion. You don’t want IT driving the business. We want the business driving IT, but in a responsible manner that puts us in a position where we’re secure, we’re authoritative. We know that what the public, or Congress, or a philanthropist trusts us with at the library, that in 100 years, we’re going to be able to have that available and searchable by our patrons.

What are a few of your staff’s accomplishments that you’d like to highlight?

Security was a major aspect of the [GAO] findings. There’s something called an Authority to Operate (ATO) [security authorization process] in an IT environment, and that means that an application has been reviewed very thoroughly…to prove that there are no backdoor vulnerabilities, that it’s secure, confidential, and contains the integrity necessary for your data. When I first got here, the number of ATOs that the library had for our applications was very low. Probably around 25 to 30 percent of the applications had one. Now we’re up to 100 percent. That was a huge milestone. Every application we put out, that the public or Congress uses, we’ve done the security research necessary to ensure they can be confident in the integrity of the data.

One that I am really proud of—just in the past couple of weeks, we finished this—is called BARD to the cloud. BARD is part of the National Library Service for the Blind and Print Disabled (NLS), and their Braille and Audio Reading Download application is now run in the cloud, with significantly improved performance. There was a conversation that I had with the head of NLS, Karen Keninger. I wanted to make sure I understood the importance of not just audiobooks, but braille. And the fact that we can download data that allows someone who can read braille to use a braille device to read books or whatever content we’re providing is significant.

What is next?

We're probably 20 percent into our modernization phase. We are modernizing all parts of the library. So I mentioned the copyright organization earlier. The library services organization within the Library of Congress is looking to modernize how they deal with fundamental technology that manages all of our collections. We are going to be working very closely with them to make sure that as this new system comes into being, we don’t lose the efficiency that we have with our current systems. We also have the Congressional Research Service that is modernizing their technologies and how they directly support Congress and the members of the House and Senate. We’re deeply involved in making sure that is done in an effective and efficient manner.

All of the other parts of the library that provide support—we're also working in each of those areas to make sure that we create a sustainable infrastructure, sustainable applications, and something that we call continuous delivery and development, so that we don't get ourselves into a position where in 10 years we have to redo a whole new system. We’re looking to put in place the ability to do incremental but significant changes to applications, as those needs arise…. It’s not a one-time deal, it’s not checking a box, it’s really putting in place processes, procedures, and funding streams that allow us to keep things modern as technology improves.