My concern is that we have departmental reports and results that have objectives and aims, yet we have no real key performance indicators to be able to measure the progress of the department if we haven't identified already what we're going to define broadly across the services as being at risk. Critical failure in IT is a national security issue. I'm hearing about DOS and I'm hearing about these old legacy systems. I worked at a bank—I won't name it—that ran DOS, and it was a nightmare. That was almost 10 years ago.
Once you've completed this task, when can we expect an update back to this committee, once you have clear definitions, so that when we go to reflect on the progress of your department, we can actually see what has been done in this critical space? Right now, I'm not hearing a very comfortable answer in terms of being clear about just what kind of stage of critical “rusting out”, I think they're calling it in your briefing letter, we're facing here.