Cyber Security

Federal IT Modernization Fund’s Financial Needs Draw Lawmaker Scrutiny

Federal CIO Clare Martorana said that the government should be operating on the “most modern technology available.”

The United States federal government continues to struggle with outdated IT systems—causing cybersecurity risks, unmet mission needs and staffing issues—as well as efforts to modernize them, despite initiatives like the Technology Modernization Fund. At a House subcommittee hearing, members clashed over funding and oversight for these issues. 

Federal Chief Information Officer Clare Martorana testified on Friday before the House Oversight and Reform’s Subcommittee on Government Operations’ hearing on “Project Federal Information Technology: Make IT Work.” The hearing follows the White House’s publication of the Information Technology Operating Plan in June. The plan provides a guide for government to deploy technology that is more secure, user-friendly, cost-effective and modern. It focuses on four areas: cybersecurity, IT modernization, customer experience and data. 

Two issues repeatedly brought up in the hearing were the government’s use of legacy systems and a financing program to help agencies address them—the Technology Modernization Fund. The representatives focused on the Office of the Federal CIO and the Office of Management and Budget’s non-compliance with the TMF, particularly when it comes to reimbursement. 

The TMF was established through the National Defense Authorization Act in December 2017, with an initial cash infusion of $250 million. Unlike usual IT appropriations authorized for government agencies, the TMF was designed to loan funds out for various agency IT modernization projects, with the agency responsible for paying back the fund via savings achieved after the modernization. But a vast majority of the projects currently funded under the TMF are still listed as “active” in their repayment.

In his opening remarks, Subcommittee Chairman Gerald E. Connolly, D-Va., stated, “successful modernization demands constant action and nimble solutions that keep pace with rapidly shifting IT ecosystems.” 

Specifically, Connolly noted that thus far TMF has awarded approximately $600 million to 28 unclassified projects across 17 federal agencies. In a previous hearing, it was noted that 60 agencies have applied for funding to support over 130 projects, totaling $2.5 billion, which is more than double what Congress provided in funding. He added that Congress must continue to support TMF funding and modernization efforts. 

Ranking Member Jody Hice, R-Ga., stated that while others want to increase funding, “simply pouring more money into a black hole is not a solution. What we need is solid oversight that is backed by reliable information, in order to determine the true state of our federal IT—to determine whether federal IT projects are delivered on time and on budget. All of that requires oversight. It requires accountability.”

Martorana added that while the TMF was recently provided $1 billion through the American Rescue Plan to modernize federal government technology, that “down payment” amount is not enough, because retiring legacy systems and upgrading technology can take many years and billions of dollars for just one system at one agency. 

Connolly asked why more money was needed if the government is spending approximately $100 billion per year overall. He also questioned why more money was needed “to incentivize agencies to retire their legacy systems.”

Martorana noted that last year, her team only saw one TMF modernization proposal, which she claimed was indicative that “something wasn’t meeting the needs of agencies.” 

A proposed solution was to make certain TMF requirement agreements—such as reimbursement requirements, schedules and payment statuses—not only available to Congress, but also to the public. 

On top of funding challenges, Hice noted the lack of a standardized definition of “legacy systems,” which he found to be problematic, because the lack of consistency could create confusion and obstacles.

Martorana said that a legacy designation would mean “a system that does not meet the mission needs of an agency.”

Under her definition, an old system doesn’t necessarily equate to the legacy moniker.

Advertisement. Scroll to continue reading.

“Sometimes we are able to run on some legacy systems that actually still have operational viability,” she said. “But where I consider a legacy system that wholesale needs IT modernization is a system that is failing an agency’s mission, so that we cannot deliver the right services to the American public.”

However, Connolly challenged her definition, finding that it ignored a key element of the term. 

“The word legacy implies old,” he said. “And so something that’s a legacy comes from the past and it isn’t just doesn’t meet my needs today, because that could be a new system that just doesn’t work. So I think we need to be a little more specific about what legacy means.”

Connolly went on to use the IRS as an example of an agency with legacy systems, but has concerns about modernizing its system or assertions that the system still works. However, Connolly added that “a legacy system needs enormous maintenance. It’s energy inefficient—by definition if it’s 40 years old or older—and the number of people who know how to use the language required is dying out.” 

He also asked if there were concerns that legacy systems are inefficient, could break down and are more susceptible to hacking.

“Legacy is a tough subject,” Martorana said. “We should be operating the United States federal enterprise on the most modern technology available. Full stop. If we are going to deliver digital transformation for the American people in our lifetimes, we have got to improve the foundational cybersecurity as well as operating presence of our technology. That takes investment over years and years and for us to get out of this tech debt that we have across almost every single agency.” 

Hice questioned how good the government is at actually retiring legacy systems, despite the billions of dollars being spent on this endeavor. However, there is no clear source of how the funding is being spent. Martorana pointed to the IT dashboard as a good place to start, along with each agency’s respective budget. But both the ranking member and the federal CIO expressed concern about the reliability of the data and information in the dashboard.

“It is reliable as it is up, running and operating, but systems are only as good as the data that is input into them, and it is data coming from the federal CIOs,” Martorana said. “It is their responsibility to enter data into the IT dashboard on behalf of their agency in their program.”

Martorana also noted that agency CIOs must manually input this data, with some agencies still heavily relying on paper, making the manual process tedious, time-consuming and susceptible to human errors. However, she added that her team does verify and clean the submitted data. 

“In many technology areas, we’ve advanced so far, having machine readable data, having APIs and automated ways of collecting data, analyzing data and creating actionable insights from that data,” Martorana said. “These are all manual data calls that agencies are submitting. And I say we can do better by investing in some of the tools at agencies, so that all of us that have oversight roles are able to make more informed decisions from the datasets available.”

She noted that, as modernization occurs, it is important “that you’re thinking about the business process and not just moving old antiquated [systems and equipment].” 

Source: https://www.nextgov.com/it-modernization/2022/09/federal-it-modernization-funds-financial-needs-draw-lawmaker-scrutiny/377291/

Click to comment

You May Also Like

Cyber Security

The Federal Cybersecurity Vulnerability Reduction Act aims to establish standardized vulnerability disclosure policies across all federal contractors. Rep. Nancy Mace, R-S.C., has introduced a...

Cyber Security

A letter from the House Select Committee on the Chinese Communist Party asks the FCC for investigations into Chinese-linked connectivity modules as the agency...

Cyber Security

The House Committee on Oversight and Accountability is investigating how the State and Commerce departments responded to a cyberattack that successfully gained access to...

Cyber Security

Pyongyang’s growing reliance on cybercrimes to circumvent international sanctions should push the U.S. and its allies to fully enforce existing sanctions and review whether...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO

Exit mobile version