[Senate Hearing 117-167]
[From the U.S. Government Publishing Office]


                                                       S. Hrg. 117-167

               EXISTING RESOURCES AND INNOVATIONS NEEDED
             TO REPLACE LEGACY IT AND SAVE TAXPAYER DOLLARS

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                EMERGING THREATS AND SPENDING OVERSIGHT

                                 OF THE

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE

                    ONE HUNDRED SEVENTEENTH CONGRESS


                             FIRST SESSION

                               __________

                           SEPTEMBER 28, 2021

                               __________

        Available via the World Wide Web: http://www.govinfo.gov

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs
        

                              __________

                    U.S. GOVERNMENT PUBLISHING OFFICE                    
46-705 PDF                 WASHINGTON : 2022                     
          
-----------------------------------------------------------------------------------  
        

        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                   GARY C. PETERS, Michigan, Chairman
THOMAS R. CARPER, Delaware           ROB PORTMAN, Ohio
MAGGIE HASSAN, New Hampshire         RON JOHNSON, Wisconsin
KYRSTEN SINEMA, Arizona              RAND PAUL, Kentucky
JACKY ROSEN, Nevada                  JAMES LANKFORD, Oklahoma
ALEX PADILLA, California             MITT ROMNEY, Utah
JON OSSOFF, Georgia                  RICK SCOTT, Florida
                                     JOSH HAWLEY, Missouri

                   David M. Weinberg, Staff Director
                    Zachary I. Schram, Chief Counsel
                Pamela Thiessen, Minority Staff Director
    Andrew Dockham, Minority Chief Counsel and Deputy Staff Director
                     Laura W. Kilbride, Chief Clerk
                     Thomas J. Spino, Hearing Clerk


        SUBCOMMITTEE ON EMERGING THREATS AND SPENDING OVERSIGHT

                 MAGGIE HASSAN, New Hampshire, Chairman
KYRSTEN SINEMA, Arizona              RAND PAUL, Kentucky
JACKY ROSEN, Nevada                  MITT ROMNEY, Utah
JON OSSOFF, Georgia                  RICK SCOTT, Florida
                                     JOSH HAWLEY, Missouri

                     Jason Yanussi, Staff Director
                            Peter Su, Fellow
                 Greg McNeill, Minority Staff Director
                Adam Salmon, Minority Research Assistant
                      Kate Kielceski, Chief Clerk
                           
                           
                           C O N T E N T S

                                 ------                                
Opening statements:
    Senator Hassan
    Senator Rosen
    Senator Ossoff
    Senator Hawley
Prepared statements:
    Senator Hassan

                               WITNESSES
                      Tuesday, September 28, 2021

Clare Martorana, Federal Chief Information Officer, Office of 
  Management and Budget
Mina Hsiang, Administrator, United States Digital Service, Office 
  of Management and Budget
V. David Zvenyach, Director, Technology Transformation Services, 
  U.S. General Services Administration

                     Alphabetical List of Witnesses

Hsiang, Mina:
    Testimony
    Prepared statement
Martorana, Clare:
    Testimony
    Prepared statement
Zvenyach, V. David:
    Testimony
    Prepared statement

                                APPENDIX

Responses to post-hearing questions for the Record:
    Ms. Martorana
    Ms. Hsiang
    Mr. Zvenyach

 
                   EXISTING RESOURCES AND INNOVATIONS
         NEEDED TO REPLACE LEGACY IT AND SAVE TAXPAYER DOLLARS

                              ----------                              


                      TUESDAY, SEPTEMBER 28, 2021

                                     U.S. Senate,  
                       Subcommittee on Emerging Threats and
                                        Spending Oversight,
                    of the Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 2:30 p.m., via 
Webex and in room 342, Dirksen Senate Office Building, Hon. 
Margaret Wood Hassan, Chairwoman of the Subcommittee, 
presiding.
    Present: Senators Hassan, Rosen, Ossoff, Scott, and Hawley.

             OPENING STATEMENT OF SENATOR HASSAN\1\

    Senator Hassan. This hearing will come to order. Good 
afternoon and welcome to our distinguished panel of witnesses. 
Thank you for appearing today to discuss the resources and 
services available to agencies seeking to modernize their 
outdated and obsolete legacy information technology (IT) 
systems.
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator Hassan appears in the 
Appendix on page 25.
---------------------------------------------------------------------------
    There is a lot to discuss today: how Congress can 
supplement these resources in order to accelerate 
modernization, hold agencies accountable to their modernization 
plans, and reduce the Federal Government's reliance on aging 
technology.
    Also critical here is, of course, ensuring that in all of 
these efforts we are staying focused on saving taxpayer 
dollars. This is critically important because we know that 
outdated technology fails to serve the American people and is 
insecure against sophisticated cyber attacks. It also wastes 
billions in taxpayer dollars every year due to poor procurement 
actions, improper payments, and expensive contractors needed to 
operate and maintain aging systems.
    I also want to thank Ranking Member Paul, who is unable to 
join us today, and his staff for working with me on this 
hearing and, more broadly, on our ongoing efforts to curb 
wasteful spending. Just last week, we introduced the 2021 
edition of Acting on the Annual Duplication Report Act, which 
would implement recommendations made to Congress by the 
Government Accountability Office (GAO) to eliminate wasteful 
duplication, fragmentation, and overlap across the Federal 
Government. I look forward to working with Ranking Member Paul 
and all of my colleagues to move that bill forward.
    Today's hearing builds on a hearing this Subcommittee held 
in April that focused on the issues that are holding agencies 
back from realizing significant cost savings, increased 
security, and greater service delivery by modernizing their 
systems. The question we are asking today is: How are these 
agencies using existing tools and resources to transform their 
aging technology, and what can Congress do to fill the gaps 
that may remain?
    At our previous hearing, former Federal agency chief 
information officers (CIO) and a Government Accountability 
Office expert on Federal IT management discussed the costs and 
challenges that legacy IT systems present. We learned that 
detailed IT modernization plans are critical to an agency's 
long-term success in updating IT and budget for capital 
projects. We learned that funding mechanisms, such as the 
Technology Modernization Fund (TMF) and agency working capital 
funds, need to be improved to accommodate multi-year 
modernization efforts. Most importantly, we learned about the 
impact that the Federal Government's aging IT infrastructure 
has on the American people.
    Despite some challenges, agencies have a tremendous 
opportunity to modernize these outdated systems and, in turn, 
make government more effective and efficient. Over the course 
of the pandemic, we saw chief information officers across the 
government quickly equip their agencies to work remotely. 
Congress and the Executive Branch have made more financial 
resources available to agencies to upgrade their IT systems 
than ever before, and there are programs and policies in place 
to assist agencies in taking their aspirations and turning them 
into achievements.
    Lending their expertise and insights on what more we can do 
to address the challenges we face is our panel of very 
accomplished witnesses, consisting of the Federal Chief 
Information Officer, the Administrator of the U.S. Digital 
Service (USDS), and the Director of Technology Transformation 
Services (TTS). I look forward to hearing from all of you today 
about your work to assist agencies in reducing their reliance 
on costly, outdated, and obsolete technology.
    Now, it is the practice of the Homeland Security and 
Governmental Affairs Committee (HSGAC) to swear in witnesses. 
If you will please stand, and even stand in your virtual 
environment, that would be great, and please raise your right 
hands. Do you swear that the testimony you give before this 
Subcommittee will be the truth, the whole truth, and nothing 
but the truth, so help you, God?
    Ms. Martorana. I do.
    Ms. Hsiang. I do.
    Mr. Zvenyach. I do.
    Senator Hassan. All three witnesses have answered in the 
affirmative. Thank you all. Please be seated.
    I will now introduce our witnesses. Our first witness today 
is Clare Martorana. Ms. Martorana is the Federal Chief 
Information Officer and leads the Office of Electronic 
Government and Information Technology at the Office of 
Management and Budget (OMB). Before joining the Biden 
Administration in her current role, she served as Chief 
Information Officer for the Office of Personnel Management 
(OPM), where she led the Agency's efforts to improve security 
and operations. Ms. Martorana joined the Federal Government in 
2016 but has spent over 2 decades working to make information 
accessible to the public through digital innovation.
    Welcome, Ms. Martorana. You are recognized for your opening 
statement.

  TESTIMONY OF CLARE MARTORANA,\1\ FEDERAL CHIEF INFORMATION 
            OFFICER, OFFICE OF MANAGEMENT AND BUDGET

    Ms. Martorana. Chair Hassan, Ranking Member Paul, Members 
of the Subcommittee, thank you for the invitation to testify 
today on information technology. It is my pleasure to be here 
with my colleagues, Mina Hsiang and Dave Zvenyach. On a daily 
basis, the three of us work together and collaborate, and 
frankly, that is what it is going to take to make the best use 
of taxpayer dollars to deliver a seamless and secure customer 
experience for the American people.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Martorana appears in the Appendix 
on page 27.
---------------------------------------------------------------------------
    It is important to note that not all old systems are legacy 
and old does not always mean bad, antiquated, risky, or in need 
of retirement. The legacy technology I am most concerned with 
are systems that are out of support, cannot be patched, have 
availability issues, or cannot meet user needs or policy goals, 
systems whose security cannot keep pace with our adversaries. 
With a secure system, even when deemed legacy, we can still 
deliver modern customer experiences to the public. Teddy 
Roosevelt said, ``Do what you can, with what you have, where 
you are.'' I am happy to report that we can do a great deal 
across government with what we have, but what we need to do is 
work differently.
    Securing and modernizing Federal IT is a team sport, and 
here is what we can do now. Agency investments should be 
aligned to an enterprise IT and cybersecurity modernization 
plan. Technology and data enable each agency to execute on its 
mission for the American people, and they must be secure. An 
enterprise operating model requires all agency and program 
leadership to work together to achieve successful investment, 
deployment, and sustainment of modern, secure technology. We 
must put our customers at the center of everything we do, 
simply put, designing with users, not for them. We are 
establishing a culture in government that is mindful of 
customer experience in delivering agency missions.
    Using incremental software development, we can show our 
colleagues across government that service improvements are 
possible even within a legacy IT environment, and we must show 
and not tell. By delivering minimally viable products, we are 
able to get working software into the hands of users early and 
give design and development teams the opportunity to adjust 
based on user feedback about the services. By learning quickly 
what works and what does not, we reduce the risk of failure and 
can deliver higher quality, secure services to the public.
    It will take an enterprise mindset to get there. When I 
became the CIO at the Office of Personnel Management, I was the 
seventh CIO in 7 years. The Agency was facing an uncertain 
future and had a number of critical IT challenges, including 
mainframe legacy technology that held crucial data for our 
Nation. We knew we would not be able to solve the multitude of 
problems we were facing alone.
    I reached out to a colleague and now friend, the CIO of the 
General Services Administration (GSA), who immediately provided 
top technologists from his team to join mine, fill critical 
gaps, and help assess the situation. We realized we needed the 
specialized skills of another group of tech talent, the United 
States Digital Service, who have within their capability set 
the ability to rapidly assess critical infrastructure, identify 
insecure vulnerabilities, and recommend a path forward. From 
there, my colleagues at OMB provided historical context on 
previous investments and helped develop a financial strategy 
and path forward. Our team also engaged with GSA's Centers of 
Excellence (CoEs) in conducting an options analysis for the 
work ahead. This ultimately led to successful procurement of 
new supportable mainframe technology and its relocation to 
modern state-of-the-art data centers.
    These successes would not have been possible if I stayed in 
my silo. It took the combination of internal and external 
forces, technical talent, budget management officials, legal, 
privacy, finance, human resources (HR), acquisition, agency 
leadership, and legislative affairs colleagues, and many others 
to create the momentum we needed to stabilize, secure, and 
modernize operations.
    In conclusion, every single group I have met across 
government wants to be part of the solution, and I am planning 
on taking them up on their offer. I look forward to working 
with you and our key stakeholders so we can be successful on 
this IT modernization journey.
    Thanks for the opportunity to be here today, and I look 
forward to your questions.
    Senator Hassan. Thank you so much for your testimony.
    We are now going to turn to our witness who is appearing 
virtually, Mina Hsiang. Ms. Hsiang was recently named 
Administrator of the U.S. Digital Service within the Office of 
Management and Budget. She has worked as part of the U.S. 
Digital Service team on several previous important projects, 
such as rolling out ``www.vaccines.gov'' in response to the 
Coronavirus Disease 2019 (COVID-19) pandemic. She brings with 
her many years of experience in the private sector, working on 
digital innovation and customer service to her role as 
Administrator.
    Welcome, Ms. Hsiang. You are now recognized for your 
opening statement.

   TESTIMONY OF MINA HSIANG,\1\ ADMINISTRATOR, UNITED STATES 
        DIGITAL SERVICE, OFFICE OF MANAGEMENT AND BUDGET

    Ms. Hsiang. Chair Hassan, Ranking Member Paul, and Members 
of the Subcommittee, thank you for the invitation to testify on 
legacy information technology in government on behalf of the 
United States Digital Service. I am honored to be here 
alongside my colleagues, Clare Martorana and Dave Zvenyach. I 
am grateful that technology lets me participate remotely while 
sick.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Hsiang appears in the Appendix on 
page 31.
---------------------------------------------------------------------------
    The mission of USDS is to ensure that government services 
are delivered well, using the best of technology and design. We 
do this in partnership with government agencies, by recruiting 
and hiring top technical talent into Federal service, to work 
on important projects across the government, side by side with 
agency civil servants. We also collaborate closely with our 
technical partners across the government, including agency 
CIOs, the Federal CIO, and GSA. We are proud to have a track 
record of convening teams that partner with agencies to define 
and deliver on programs, both urgent and ongoing.
    At USDS, we are focused on improving delivery in a few key 
ways. First, we aim to make services more straightforward, 
reliable, and sustainable through stronger technical 
foundations. This is about making services simpler and more 
consistent for the families, small businesses, veterans, and 
others that we serve. This means strategic technical planning 
for multi-year programs, designing technology for performance 
and reliability, using integrated or shared tools for services, 
and building for fast improvement, including frequent 
deployment of code. It also means making it easier for agencies 
to do these things simply and by default, which is far from the 
status quo.
    Software is never done since needs, both technical and 
human, are always changing. We must make it easy and secure to 
iterate quickly.
    Second, we center our objectives around the people that we 
service. We put our users first. For example, when we think 
about veterans who need to know their benefits eligibility or 
school nurses who must track and report COVID testing in their 
school, we design the process, implementation strategy, and 
technical build around what will create the best possible 
outcomes for them. This usually requires an explicitly 
iterative process that incorporates users in every turn, 
evaluating how we are doing on the outcomes that matter for 
them and revising based on what we find.
    Finally, we find and empower great people. We strive to 
bring the best practices and skills from across the country, 
and we do this by recruiting team members with diverse and 
relevant backgrounds, including government, to bring their 
expertise to our critical mission. We have also created 
training and upskilling programs to ensure that our colleagues 
who already sit in critical positions throughout government can 
continue to be aware of and use current best practices. We are 
partnering with agencies and OPM to develop new capabilities 
across the government, to develop hiring practices for 
technical talent, to scale what we know works.
    These strategies are based on our experience from many 
different companies, agencies, and other organizations. We know 
that they work to prevent and address legacy IT problems, but 
they need to be scaled more universally across government in 
order to address the overall challenge. Without the right 
people, process, and technical foundations for every program in 
service, they will default to a slow pace of updates and 
change, becoming static and risk becoming legacy.
    We work to collaborate with programs early so that they do 
not encounter crises as a result of these problems, but when it 
does happen, we partner closely with our colleagues to fix it 
as in the example of the OPM mission-critical system that Clare 
mentioned. USDS joined the OPM CIO's team to provide the 
technical expertise to identify and debug OPM's current 
challenges with the mainframe and also to offer the best 
practice technical framework and strategy for moving forward on 
the solution. We then partnered as well with GSA when they 
arrived as they brought their expertise and capacity to drive 
the operationalization of the solution.
    The public, the families, small businesses, veterans, and 
others who are counting on these services do not care how many 
agencies exist, where the boundaries are, which legislation 
created which system or eligibility, or what the color of money 
is for maintaining a system. They want a simple and clear 
experience when they interact with their government programs. 
They want systems and programs that work together, address 
their needs, and deliver the outcomes they expect, minimizing 
their stress and the burden on their lives.
    In collaboration with our agency partners, the three of us 
seated in front of you are already working hard to coordinate 
and collaborate on the appropriate capabilities necessary to 
enable such a world, focusing on the experience of those we 
serve, empowering talented public servants, and learning from 
users to drive iterative, agile development and procurement. We 
have outlined some of the challenges that make it more complex, 
and we look forward to working with you to design solutions.
    Thank you for the opportunity to testify, and I look 
forward to your questions.
    Senator Hassan. Thank you very much, Ms. Hsiang.
    Now we will turn to our third witness, who is Dave 
Zvenyach. Mr. Zvenyach is the Director of Technology 
Transformation Services and Deputy Commissioner of the Federal 
Acquisition Service within the General Services Administration. 
An attorney by training, Mr. Zvenyach's previous experiences 
working for the Washington D.C. Council exposed him to the 
technology challenges that governments face. From there, he 
joined the General Services Administration and later 
independently consulted on Federal acquisition policy, and he 
rejoined the Technology Transformation Services office earlier 
this year.
    Welcome, Mr. Zvenyach. You are now recognized for your 
opening statement.

    TESTIMONY OF V. DAVID ZVENYACH,\1\ DIRECTOR, TECHNOLOGY 
 TRANSFORMATION SERVICES, U.S. GENERAL SERVICES ADMINISTRATION

    Mr. Zvenyach. Thank you, Chairwoman Hassan, Ranking Member 
Paul, and Members of the Subcommittee. My name is Dave 
Zvenyach, and I am the Director of Technology Transformation 
Services at the General Services Administration.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Zvenyach appears in the Appendix 
on page 36.
---------------------------------------------------------------------------
    It is an honor to be here today and a privilege to work 
alongside my colleagues, Clare Martorana and Mina Hsiang, as we 
work together to provide trusted, accessible, and respectful 
government experiences with and for all. They are accomplished 
technologists, dedicated public servants with a deep passion 
for service delivery. It is important that we are here together 
because delivering quality software at the scale of government 
requires a coordinated team effort.
    As Mina said, our work requires a focus on the experience 
of those we serve, empowering talented public servants, and 
learning from users to drive iterative, agile development and 
procurement. I am fortunate to work every day with incredibly 
talented individuals and teams all across the country, who join 
the government for one reason, to make sure that the technology 
for the government of the people works for the people.
    In government, we need to shift how we talk about and how 
we deliver software. We need to understand that software 
delivery is never really done. Technology is always evolving, 
and we need our systems to keep up with changes in the law, to 
improve performance and reliability, to meet new users' needs, 
and we need to focus and prioritize improving service delivery. 
We need to shift the government toward an expectation that 
every system in production should be continuously improved so 
that there is no such thing as a legacy system and no such 
thing as ``done.'' By that measure, we have a long way to go.
    But we also know that, as Clare said, we can do a great 
deal across government with what we have today. At GSA, we are 
proud of the role we play in working with our partners in 
modernizing government systems and improving procurement 
outcomes.
    At the core of our mission at TTS, to design and deliver 
digital government with and for the public, is the 
modernization and security of government's infrastructure and 
applications. Much of our work at TTS, our superpower, if you 
will, is focused on reuse, whether it is our FedRAMP program 
which helps agencies adopt secure cloud technologies through a 
``do once, use many'' security approach, or the U.S. Web Design 
System which is an example of a great collaboration with the 
U.S. Digital Service, which provides a consistent and 
accessible experience across agency websites, or 
``www.digital.gov,'' which enables practitioners to share best 
practices and learnings through communities of practice. These 
and other shared services, our TTS solutions, are a core part 
of what we do at TTS.
    We also partner directly with agencies through our 
Presidential Innovation Fellows (PIF) programs, 18F, and the 
TTS Centers of Excellence.
    The Office of Personnel Management journey described by my 
colleagues is a fantastic example of the sort of collaboration 
needed to fundamentally change the way services are delivered 
to employees, Federal agencies, and the public. A longtime 
partner of GSA, OPM looked at their health and benefits, 
retirement, and HR systems challenges and realized that 
expertise in understanding the entire landscape was needed. It 
would require technology and data asset inventory improvements, 
true, but it would also require the development of an 
acquisition strategy because of the impending loss of contract 
support. As Clare and Mina mentioned, the TTS Centers of 
Excellence played a critical role in developing and executing 
that acquisition strategy, helped facilitate the migration and 
modernization of OPM's mainframe, and assisted OPM in the 
sustained data governance and organization improvements along 
the way. We are honored to continue to partner with OPM on 
their modernization journey to this day.
    The next few years will bring increasingly complex 
challenges. With our ability to implement cross-government 
solutions, we are uniquely positioned to help agencies address 
them. By shifting how the government thinks about delivering 
technology, focusing on the impact on mission and users, 
looking to expertise and innovation in government, and 
collaborating with our industry partners outside of government, 
we can significantly improve Federal technology and ultimately 
how agencies serve the public.
    As long as there is work to be done, software delivery will 
never be done. If we work on these challenges together, though, 
we can build the momentum we need to make sure that when 
Congress enacts a law, when a user has a new need, and a system 
needs to be available, our systems are ready for that change.
    Thank you for the opportunity to be before you today. I 
look forward to answering any questions you may have.
    Senator Hassan. Thank you very much for your testimony.
    Thank you to all three of you for such clear and good 
testimony, and I am going to begin with my round of questions. 
As I indicated earlier, this is a complicated afternoon in the 
Senate. Senators are going to be coming and going from votes 
and may be joining us remotely. The level of attendance is yet 
to be determined is what I am trying to say.
    Let me start with a question to Ms. Hsiang and Ms. 
Martorana. The U.S. Digital Service is known for quickly 
responding to crises when they arise. For example, in the early 
days of the COVID-19 pandemic, the U.S. Digital Service 
assisted agencies with increasing their digital capacity to 
serve the American people.
    But even in the absence of a crisis, the U.S. Digital 
Service is also capable of taking a proactive approach to IT 
modernization and digital transformation that can yield really 
impressive results. For example, the U.S. Digital Service was 
able to collaborate with the Centers for Medicare and Medicaid 
Services (CMS) on its payment processing system. The system was 
more than 50 years old and relied on outdated code, which made 
it difficult to use, costly to maintain, and vulnerable to 
improper payments. But with the help of the U.S. Digital 
Service, CMS modernized its system and migrated it to the cloud 
before it encountered a major system failure or similar crisis.
    Ms. Hsiang, how can the U.S. Digital Service jumpstart 
agency IT modernization and movement away from legacy IT as it 
did with the Centers for Medicare and Medicaid Services?
    Ms. Hsiang. Senator Hassan, thank you so much for that 
question. It is a great one. It boils down to leadership. A 
crisis creates a situation where doing something differently 
from how you have done things in the past suddenly becomes 
absolutely necessary and everyone can agree on that. It creates 
an opportunity for, as Clare noted, show, do not tell, the 
opportunity to do things differently and to see how that 
evolves.
    That said, the same circumstances can be created without a 
crisis through responsible leadership and the executive within 
an agency. If executives truly understand the implications of 
their IT systems through their cooperations, if the executives 
are deeply committed and leaders are deeply committed to 
ensuring that technology systems and technical systems continue 
to support the mission, they, too, can create the circumstances 
where it does not feel risky to do something different but 
instead feels like the appropriate thing to do.
    Senator Hassan. Thank you.
    Ms. Martorana, on the topic of improper payments, how are 
other agencies that manage Federal benefits taking advantage of 
IT modernization, such as cloud computing, to prevent waste, 
fraud, and abuse of taxpayer dollars?
    Ms. Martorana. Thank you for that question. There are 
significant efforts underway across multiple agencies that are 
delivering benefits to, and services to, the public that are 
focused on assuring that the benefits make their way to the 
recipients. There are activities that are going on in 
partnership with Federal agencies and reaching out to States 
where those payments are ultimately delivered in some cases.
    IT modernization: we are doing several different things 
across the Federal enterprise to focus on this. One is a 
concerted effort to do user research, making sure that we 
understand what the problem is that we are trying to solve and 
understanding both the technical, cultural, and business 
process challenges that are often the complex mix that causes 
challenges in operations. We are learning across the Federal 
enterprise.
    One of the unique groups that I have the great fortune to 
work with is the CIO Council, and through that vehicle we share 
these best practices and lessons learned. Recently, a CIO came 
and in the open of a meeting talked about the fragility of a 
system and was seeking the advice of other CIOs to remediate 
the issue. I think we will continue to see both on the digital 
side the collaboration that we all benefit from but also in the 
planning and execution of these large policy efforts that are 
impacting service delivery to the public.
    Senator Hassan. Thank you. I have a question for Mr. 
Zvenyach. While GSA's Technology Transformation Services 
provide a number of innovative tech products and services to 
agencies, I want to specifically discuss the 10x and 
Presidential Innovation Fellows programs. Both of these 
programs are designed to bring in new ideas to enhance 
government IT performance and promote better service delivery. 
Can you explain how the 10x and Presidential Innovation Fellows 
programs work, and what specific innovations have come out of 
these programs that are making government IT work better for 
the American people?
    Mr. Zvenyach. Thank you for the question. I will start with 
10x. 10x is a program that is modeled after best practices 
around private investment, so venture investment, and it uses a 
phased approach to invest in ideas that might scale in 
government technology. One of the lessons that we have learned 
is that not every idea is of equal merit and, frankly, the most 
expensive ideas in government are the ones that think that they 
are great ideas but actually do not bear out.
    Senator Hassan. Right.
    Mr. Zvenyach. The benefit of 10x is that we have evaluated 
over 1,000 ideas, been able to graduate the ones that have the 
most merit into production. Programs like the U.S. Web Design 
System that I mentioned in my testimony serves almost 250 
million sessions per month. That was originally a proposal that 
came through the 10x process, and it allows for almost, I 
think, 80-something agency partners to use that consistent 
experience across the Federal Government. That is the sort of 
thing that comes out of 10x. We are very proud of the work that 
we do largely because it does use the best practices, that 
phased investment approach that you see in private industry, 
and takes that into government.
    In that same vein, the Presidential Innovation Fellows 
program pairs private sector entrepreneurs and innovators with 
public sector leaders. The thesis behind the PIF program, as we 
call it, is to pair PIFs with deputy secretaries, CIOs, CXOs 
across the government and make sure that they are bringing that 
innovation into the government. The interesting plot twist is 
that these PIFs often end up staying in government, and it has 
been a really extraordinary opportunity to bring that 
innovation into the public sector, get them attached to the 
mission that we all know is important, and have them stay and 
really contribute that service to the American people.
    Senator Hassan. Great. One of the projects funded by 10x 
focused on assisting agencies with IT management, budgeting, 
and planning by producing a field guide to what is known as 
agile acquisition, a term of art that I wanted to make sure I 
understood. Agile acquisition allows agencies to test new 
products and work with program developers to incorporate user 
feedback into product design to ensure that the products work 
and meet the agency's needs before the agency makes that kind 
of major investment. I think that is really what you were just 
getting at.
    Talk a little bit more about how agile acquisition saves 
taxpayer dollars and how we can ensure that agencies pursue 
agile acquisition processes as much as possible.
    Mr. Zvenyach. It is such a great question. I think one of 
the things that we often see in procurement is that two things 
are true. One is that there is the tendency to think about 
procurement sort of in silos. In software, we talked about how 
software is a team sport. You want to make sure that everybody 
is on the same team in focus and service delivery on behalf of 
the user. The same needs to be true in procurement. You cannot 
have a contracting officer sitting on the other side of the CIO 
sitting on the other side of the finance sitting on the other 
side of legal.
    Senator Hassan. Yes.
    Mr. Zvenyach. Everyone needs to be on the same team, 
focused on procurement outcomes.
    Agile acquisition is really trying to bring teams together 
so that we are focusing on how do we actually do iterative 
development, how do we actually make sure that we are focused 
on outcomes, not just outputs.
    Senator Hassan. Right.
    Mr. Zvenyach. Outcomes on behalf of the program. Programs 
like 10x create opportunities to both show how it works and 
then also to teach so that we have ability to do once and 
reuse. We are really proud of the work that comes out the 
guides, the derisking guide and the like, and I thank you for 
that question.
    Senator Hassan. It is really important, and again, it gets 
at this whole-of-government approach, sharing information, 
breaking down silos.
    A question for you, Ms. Martorana. The many policies, 
programs, services, and financial resources available to 
agencies seeking to modernize their IT systems can only be 
useful if the agencies are taking advantage of them. Is there 
currently a way to track agency use of the various tools, 
services, and resources that we have been discussing today and 
measure whether they are helping agencies effectively 
modernize?
    Ms. Martorana. Thank you for that question. There are 
numerous planning tools that are in place related to IT 
tracking, cost, scheduling, performance, and IT system 
modernization projects in total: the IT dashboard, the Capital 
Planning and Investment Control (CPIC) process, through FISMA. 
There are many mechanisms that we are using.
    One of the things that is a focus of my office is with so 
many data inputs we want to make sure that we are making the 
best informed decisions with the data. Just gathering data for 
compliance reasons alone and not being able to tie the data to 
a very specific outcome, making sure that we are having the 
greatest impact with the investment dollars that we are given--
and they are taxpayer dollars--we all take that very seriously. 
We want to make sure through those tools that we are looking at 
fraud, waste, and abuse as kind of the cornerstones of good 
business. That is what any good business person does.
    But I do think that there are opportunities for us to get 
better at this. I think that transparency and accountability 
for some of these projects--we have over 700 high-value assets 
in the Federal Government. That is a large data set. I think in 
total we have over 8,000 large IT projects that are active in 
the Federal Government. We are trying to think of ways where we 
can use data and data visualization to drive some informed 
decisionmaking and also help us identify risk earlier in the 
process.
    Senator Hassan. Are there any other things you think you 
need to implement? Essentially, you talked a little bit about 
data collection and possibly tracking how agencies are using. 
But to really implement kind of the assessment function, do you 
feel like you have the tools and it is just a matter of 
directing them correctly, or there are other things you could 
develop or use?
    Ms. Martorana. I think the complexity of this is really 
challenged by some of our funding mechanisms.
    Senator Hassan. OK.
    Ms. Martorana. Single-year funding for projects that are 
complex----
    Senator Hassan. Yes.
    Ms. Martorana [continuing]. Adds quite a bit of burden to 
the process and sometimes forces people to make decisions in 
advance of having a fully validated plan.
    Senator Hassan. Got it.
    Ms. Martorana. I think we also have opportunities and need 
for business process improvement, making sure that to our team 
sport theme today that both program officials, agency 
officials, CIO teams, our procurement colleagues are all 
focused on accomplishing the same end result.
    I think, again, I would kind of go back to funding.
    Senator Hassan. Yes.
    Ms. Martorana. Making sure that we have flexible funding 
vehicles, like TMF----
    Senator Hassan. Yes.
    Ms. Martorana [continuing]. Which is allowing us to move 
out on multi-year modernization projects, but surrounded by a 
team of people that are incented by our collaborative nature to 
hopefully drive a better improvement of the service delivery 
that we are trying to accomplish. I think those things in 
combination are keys, and I think it requires partnership also 
with the Hill for us to be successful.
    Senator Hassan. OK. Thank you.
    I think we are expecting another Senator shortly, but I am 
going to continue along with my questions until she gets here. 
This is a question to all three of you. As part of the American 
Rescue Plan (ARP), the Technology Modernization Fund, 
administered by the Office of Management and Budget and the 
General Services Administration, received $1 billion to 
increase the fund's capacity to assist agencies in achieving 
their IT modernization goals. We touched on this a little bit, 
but in addition the American Rescue Plan also provided funds to 
the IT modernization services and programs at the U.S. Digital 
Service and GSA.
    To date, what projects have these funds supported, what 
benefits are the American people receiving or will receive as a 
result of these projects? Why don't we start with you, Ms. 
Hsiang, and then we will go to Mr. Zvenyach and Ms. Martorana.
    Ms. Hsiang. Thanks for the great question. I would love for 
Clare to speak to the details of the TMF money since she is 
responsible there, but I would add that our funding to 
Information Technology Oversight and Reform fund (ITOR) or to 
USDS-specific programming has enabled a number of programs to 
be staffed and for us to work toward program outcomes.
    In particular, this has enabled our work on 
``www.vaccines.gov'' and the assistance hotline and textline 
associated with that. It has allowed us to do work toward the 
child tax credit in collaboration with Treasury and the Internal 
Revenue Service (IRS). It has enabled work on unemployment 
insurance and modernizing those systems and programs. It has 
enabled our work on unemployment insurance and modernizing 
those systems and programs. It has enabled our work on the 
emergency broadband benefit program at the Federal 
Communications Commission (FCC), work in the social safety net 
benefits programs that are administered by U.S. Department of 
Agriculture (USDA) and FMS, emergency rental assistance at 
Treasury, and then us to support programs at Small Business 
Administration (SBA) around Shuttered Venue Operators Grants 
and Restaurant Revitalization Fund.
    I would note that in addition to helping us directly 
support those specific programs and ensuring that service 
delivery against those programs achieves the intended goals of 
the programs, it also allows us to work in all of those 
agencies on a mission-critical program that is of high 
priority, which allows us to show that agency and work closely 
with that agency on implementing new, more modern capabilities, 
to help that agency have an example of what more modern 
capabilities look like.
    As Clare noted before and I also mentioned, a lot of times 
what it takes to sort of--to your first question, what 
motivates change, the mandate to do something new in addition 
to visibility and how to do it differently often creates an 
opportunity for more widespread change within an organization. 
In addition to the direct benefits to these programs, it also 
has allowed us to work closely with and help modernize some of 
the practices at each of those agencies.
    Senator Hassan. Thank you.
    Mr. Zvenyach.
    Mr. Zvenyach. Thank you. I, too, will defer to Clare on the 
TMF, but for our purposes the American Rescue Plan has enabled 
a number of different investments. We also have supported a 
number of specific agency initiatives under the American Rescue 
Plan.
    But because of TTS's unique role to focus on cross-agency 
initiatives and to think about how we might be able to provide 
sort of the reusable aspects, a number of our investments have 
been sort of building on the theme of 10x. We talked about the 
idea of those investments in trying to find what in the venture 
world you would call multiples. Things like the U.S. Digital 
Corps is an investment that we made, and the U.S. Digital Corps 
is an investment in trying to bring in the next generation of 
technology leaders and trying to find early career 
technologists in government. That is the sort of thing that we 
think can have not just immediate effect but transformational 
effect on government.
    Also, investments in the FedRAMP automation. FedRAMP is one 
of the things that we think enabled us to respond to the 
pandemic, frankly, is the ability to use virtual technologies 
and cloud service technologies. Investments in automation in 
FedRAMP and sort of improving the through-put in FedRAMP is 
important.
    We have also made investments in more speculative things. 
There is a project that I like called Pie Spots, and the idea 
with Pie Spots is to say how might we use Raspberry Pis, which 
are these like tiny little devices to maybe bridge the digital 
divide. There is a number of investments that we are looking at 
that some of which might work, some of which might not. But the 
idea with some of these investments is that we want them to 
have again these returns on investment, really, I think, 
focusing on value, and using these funds in a way that has both 
transparency and accountability but also has real multiples in 
value to the public.
    Senator Hassan. Thank you.
    Ms. Martorana.
    Ms. Martorana. Yes, I really appreciate the congressional 
commitment to IT modernization through the resources made 
available through the American Rescue Plan. The funding 
provided to USDS, GSA, and through the TMF are an investment in 
both our information security and the quality of government 
services. We have received applications for TMF funding from 48 
different agencies or components of agencies, totaling about 
$2.3 billion. We have sent up to Congress for review the first 
seven proposals that are going to be awarded through TMF, and 
two-thirds of them represent cybersecurity. The appropriation 
was for SolarWinds, mitigating the impact of SolarWinds and 
the cybersecurity challenges that we are facing, as well as 
challenges that came to light during COVID-19.
    What you will see in the multitude of those project 
proposals is a new way of us looking at how to disburse money. 
We really are trying to be strategic investors, working with 
our agency partners, making sure that we are evaluating these 
programs, obviously, for the greatest risk that they 
potentially have to the Federal enterprise. But also, we are 
looking at the highest probability of success, the highest 
value to the public for some of these, and the highest impact 
to security outcomes.
    The focus that we have been able to use, a tool that was in 
the original appropriation but was not utilized previously, but 
we felt the emergency need of SolarWinds and the COVID-19 
pandemic really warranted us focusing on payment flexibility. 
We issued guidance on payment flexibility and have had a 
significant number of proposals come in requesting that due to 
the urgent need of those agencies asking for that.
    The investment portfolio guidance that we gave out focused 
on high-value assets----
    Senator Hassan. Right.
    Ms. Martorana [continuing]. Again, really in the swim lane 
of IT modernization. Public-facing digital services, shared 
services, and cybersecurity. As I said, about 75 percent of the 
project proposals that have come in have had a primary or 
secondary cybersecurity focus.
    Senator Hassan. Thank you. I appreciate that very much.
    I am now going to turn to my colleague, Senator Rosen, for 
her round of questions.

               OPENING STATEMENT OF SENATOR ROSEN

    Senator Rosen. Thank you, Chair Hassan, and thank you for 
holding your second hearing on the important issue of the 
Federal Government's IT modernization.
    This may not seem like the most exciting topic to some 
people, but as a former computer programmer, I know how 
important it is to get this right. This is not just about IT. 
It is about making sure that when not just Nevadans but all 
Americans, when they interact with their government because 
they are waiting on a tax refund, a Social Security payment, 
trying to renew a passport, applying for a grant, they know it 
is the technology that makes it possible for them to access and 
get what they need from the Federal Government.
    It is the responsiveness of the government, the security 
that hopefully we can provide. Glad to hear about those 
cybersecurity projects. It really allows us, if we modernize, 
to deliver those services that people really need.
    As Chair Hassan has pointed out, modernizing IT across the 
Federal Government also has the potential to save millions of 
dollars in taxpayers' funds. It is really the responsible thing 
to do. I want to thank the Chair again. I want to thank all the 
witnesses for your time today and, of course, for what you are 
doing every single day.
    I want to talk a little bit about IT Centers of Excellence. 
Mr. Zvenyach, I am interested in the IT modernization Centers 
of Excellence that GSA established in 2017, that Senators 
Portman and Hassan worked to codify in 2020. The goal of the 
centers is to connect private industry with government agencies 
to achieve their IT modernization goals. Can you give us an 
update on the progress that GSA is making with these Centers of 
Excellence, and what resources do you think you need to make 
them more effective or tweak them? How do we build on the 
success?
    Mr. Zvenyach. Great. Thank you. Thank you for that 
question. We are very proud of the work that we have done with 
the Centers of Excellence. We heard one example earlier with 
the OPM.
    Another example that I think is just a wonderful example is 
with the work that we have done with the U.S. Department of 
Agriculture. We had just an extraordinary partnership there. We 
were able to increase approvals by almost 3.5 percent, save 
tens of millions of dollars in annual cost avoidance by 
eliminating 31 out of 37 data centers, by providing better 
experience in terms of things like AskUSDA, really working to 
improve both the data, the governance, and just the overall 
user experience with the Department of Agriculture. Our 
partnerships really with a number of agencies with the Centers 
of Excellence have been something that we are really proud of 
and something that we continue to invest in.
    I think where we see opportunity for the Centers of 
Excellence--and I think this is true across the board--is two 
things. One, we know that we need partners on the other side, 
who understand that these are complex challenges. As Mina said 
earlier, it really does require leadership to create those 
conditions for change. Obviously, in an emergency, everyone is 
ready to jump to the fray and to make those conditions, but 
unless there is another partner on the other side who is 
willing to make the changes that they need to make it does not 
really stick. The Centers of Excellence have done extraordinary 
work with our partners, but we need to always make sure that we 
have partners on the other side that have really clear 
understanding of their challenges.
    Maybe they do not have answers. In fact, usually it is 
better if they do not have answers because sometimes they have 
preconceived notions about what might work. But if we have a 
clear understanding this is the problem that you are trying to 
solve, then we can come to the table and help bring our 
expertise and pair with their expertise to get it done.
    The other thing that I will note is that one of the 
perpetual challenges with this is that we bring in 
extraordinary technologists. The last thing that we need to be 
doing is to be worrying about how we are going to deal with 
this interagency agreement and that interagency agreement and 
funding things. As we said, nobody really cares about the color 
of money. We just want to get to work and help people get these 
problems solved.
    I think that is the thing that we really need to figure out 
is how do we make it easier for technologists to focus on the 
challenges, to work across our agency boundaries because the 
public does not care about these boundaries and neither do the 
technologists. They just want to work together to solve these 
important problems.
    I think that is incumbent on leadership. It is incumbent on 
our partnership with Congress. It is obviously important for 
our relationship with OMB and beyond.
    Senator Rosen. I could not agree more. You set me up 
perfectly for my next question because I was going to talk 
about the success of the Department of Agriculture that you 
have really had there. How can other agencies use this USDA 
model for IT modernization? Because what you have been talking 
about is just phenomenal.
    Mr. Zvenyach. It is a great example. What I should say is 
that for every USDA there is another one. Right?
    One of the great things about USDA is we had extraordinary 
partnership and leadership over at the U.S. Department of 
Agriculture. Gary Washington, the CIO there, was an 
extraordinary leader. We had folks sort of all the way up and 
down the chain who were excited about the mission and who 
understood that this was not going to be easy. It was going to 
require a commitment to users. It was going to require some 
iterative development. Closing down 31 data centers does not 
happen overnight.
    Senator Rosen. Right.
    Mr. Zvenyach. It takes sustained investment, and it 
requires sustained attention and focus. I think that as we look 
to other agency partners, what we need them to understand is 
that when they show up we also expect this to be a long-term 
partnership and something that they and we are not coming to 
the table for a quick fix. This is not this thing that you say, 
``OK, I have solved it. We have moved on.'' This is a long-term 
investment because the work is not done until software works 
for the public.
    Senator Rosen. Thank you. I would like to briefly touch on 
cybersecurity. You said two-thirds of the requests so far, 
proposals out there, were for cybersecurity projects because we 
absolutely need to make sure that cybersecurity is part of it. 
There are multiple, always multiple, points of, I suppose, 
interception from hackers that are out there. Maybe that is the 
best way to put that. As we modernize these legacy IT systems, 
we have to really be sure that we are protecting the taxpayers 
who rely on government services.
    Ms. Martorana, can you tell me what services your agencies 
provide related to cybersecurity, and how do you ensure that 
agency modernization plans pay sufficient attention to 
sustaining cybersecurity? The sustainment. It is one thing to 
go in first, but it is, as you said, iterative development. You 
have to continue to do it over and over again.
    Ms. Martorana. Yes, cybersecurity. There was a wonderful 
hearing here last week with three Federal leaders: Mr. Inglis, 
Ms. Easterly, and Mr. DeRusha. I do not think we could have a 
better team of people focused on cybersecurity for the Federal 
enterprise.
    We focus in IT modernization through the cybersecurity 
executive order that came out. We assigned 23 tasks to Federal 
agencies related to cybersecurity.
    One of the really collaborative ways that we are trying to 
focus on this is through the guidance that we just issued on 
zero trust. What we have recently undertaken is a public 
comment, a period of public comment, on the zero trust strategy 
that we put out, and we found we received over 100 comments in 
the 2 weeks that this was available for the public, from 
industry, from private citizens, and from Federal employees. We 
got a great, diverse set of comments that are actually going to 
make our strategy more actionable for Federal agencies. I think 
that type of collaborative and open perspective on 
cybersecurity is what is needed for us to keep our projects 
safe and secure.
    In the Technology Modernization Fund, as I mentioned, the 
75 percent, we are doing something that is a best practice in 
the Federal Government and in the private sector, which is we 
are picking projects that not only have the greatest chance of 
success but that we can also build playbooks off of, so that we 
can repeat--every agency is trying to get to a basic level of 
zero trust, which basically means not trusting any traffic 
inside your network, constantly validating to make sure that 
you are not just securing the perimeter, but you are making 
sure that you are watching every transaction that happens 
within the network.
    By trying to get us to that base level of zero trust, we 
are applying that to every IT modernization project that we 
undertake. Things have to be secure by design. Security is not 
an afterthought.
    Senator Rosen. Right.
    Ms. Martorana. Security cannot be something you bolt on or 
it is someone else's responsibility. It is a core part of the 
way that we do software development, that we build projects, 
and that we will approve plans that come before the TMF board.
    Senator Rosen. Thank you for that. I agree. I am very happy 
to hear about the public comment because if you do not ask 
people on the ground what they need--the goal of writing good 
software is to give people what they actually need, not what 
someone thinks they need. I think that is a great way to go.
    Madam Chair.
    Senator Hassan. Thank you very much, Senator Rosen.
    I am going to turn now to Senator Ossoff, who is joining us 
virtually.

              OPENING STATEMENT OF SENATOR OSSOFF

    Senator Ossoff. Thank you, Madam Chair. Thank you to our 
panel.
    Reflecting on the performance of the rental assistance 
program that Congress passed in the American Rescue Plan Act, 
to help families stay in their homes during the pandemic, and 
how that rental assistance then was meant to be distributed via 
a patchwork of counties, municipalities, and State governments, 
the complexity of execution left many local governments unable 
to rapidly scale the technical infrastructure necessary to 
solicit and receive applications, to process them, and to 
deploy funds. It defies reason, in my opinion, that we would 
ask thousands of jurisdictions around the country to replicate 
the production of new technical infrastructure where, clearly, 
they do not have the capacity, and the need was urgent.
    My question for you to begin with, Ms. Martorana, is: Could 
you reflect on how we might be able to centralize much of that 
activity so that we can scale an effort like that swiftly and 
improve ease of use for the customer, in this case, a tenant or 
a landlord seeking to access rental assistance and to make it 
easier for local government partners to stand up new programs 
like this in emergencies?
    Ms. Martorana. Thank you very much for that question. In my 
opening testimony, I focused on designing with users, not for 
users. One of the most critical parts of designing software 
products and services is making sure you understand the problem 
you are trying to solve. It is absolutely critical that we do 
this most foundational step in every single leg of service 
delivery, whether it is starting at the Federal level and then 
being dispensed to States and then local--municipal and local 
governments. That is a key focus of all of ours related to 
service delivery.
    Senator Ossoff. Thank you, Ms. Martorana, and that is an 
admirable principle, and I am sure that one, when applied, 
results in better outcomes. But let us think a bit more here. 
What is your reaction to the idea that when we, Congress 
creates such a program and seeks to rapidly deploy, for 
example, rental assistance resources across the country, we 
would make an API or a piece of software or a ready-to-use 
commercial solution available to those States or counties. Or, 
move in the opposite direction, from downstream to upstream, by 
allowing those counties to plug into a Federal system.
    Designing with users, that is a great principle, but can 
you please comment on this specific case and how the Congress 
could have better designed this program and how we can work 
with executive agencies to make it easier to rapidly deploy 
resources, to integrate with State and local governments, on a 
project such as the rental assistance program.
    Ms. Martorana. Yes. I do not have as much detailed 
information on the rental assistance program specifically, but 
I think I can really touch on the point that you are trying to 
make about us using modern technology solutions to deliver 
better services to the public. Application programming 
interfaces, APIs are something that can be developed from 
legacy systems. You do not need to have a totally modern tech 
stack in order to use some of these more modern, best practice, 
development capabilities. They would deliver better services 
downstream to State and local governments.
    But I think that you are onto something that is a very 
important part of how we are thinking across the Federal 
Government, and possibly my colleagues might be able to jump in 
on this as well because that is a method that is tried and 
true. We used APIs off of legacy systems at the Department of 
Veterans Affairs (VA) in order to give veterans, caregivers, 
and their families the services that they deserved. This is a 
process that is possible. It is utilized every single day 
across government and in the private sector. I just cannot 
speak specifically to the rental assistance use case.
    Senator Ossoff. Thank you, Ms. Martorana. I would welcome 
and invite your colleagues to weigh in, maybe sequentially down 
the table, on this point. What I am asking you to do is to help 
the Committee envision the design of systems, technology, and 
implementation for a case such as the one that I raised and 
that we are discussing.
    Senator Hassan. Why don't we start with Mr. Zvenyach and 
then go to Ms. Hsiang.
    Mr. Zvenyach. Great. Thank you. I think a couple of things 
to note. The first is that sort of, as Mina said in her 
testimony and it is similar to what Clare is describing, I 
think one of the challenges that we confront with something 
like the program you are describing is that the public does not 
care about our organizational boundaries. They do not care that 
I am part of GSA and Clare is part of OMB and that the 
Department of Housing and Urban Development (HUD) is HUD. They 
just do not care. They do not care that a county is part of a 
State or that the State is unrelated to the Federal Government. 
They just want the program to work.
    But our technology systems are built around the funding 
flows that go from agency to agency, or agency to county, or 
agency to State. What we need to do is we need to find a way to 
connect the technologists to each other without having it be 
totally dependent on saying, OK, I am optimizing for my agency, 
I am optimizing for my thing, and instead, start to have better 
conversations about how we can collaborate across those 
boundaries.
    That is, frankly, the shift that we need to make as a 
government is that we have to stop centering around our org 
chart, stop centering around how we organize ourselves, and 
start organizing around how we can best deliver for the public 
because the public does not care about our org chart. They care 
about their service delivery. What we have to be doing is to 
reorganize our work and reorienting our efforts in order to 
best service, to deliver.
    To specifically answer the question, the thing that we 
would need to do is to be able to work with Congress when you 
are enacting legislation to understand the program design and 
make sure that we are aligning the money flows and also 
aligning the technologists that are going to be working on this 
at the same time that you are putting the policy in place 
because the policy and technology cannot be sequential. It 
cannot be that you pass a law and then the technology comes in 
far afterward because if the technology cannot implement the 
policy then it will not work. When Congress passes a law, if 
the technology does not implement it, it is not a successful 
program. We have to be able to work with Congress in order to 
make sure that the systems do what Congress wants it to do.
    Senator Hassan. Thank you.
    Senator Ossoff. Thank you.
    Ms. Hsiang.
    Ms. Hsiang. Thank you, Senator Ossoff. I agree with the 
statements of my colleagues here and would just add that 
developing technology to support a specific outcome or to 
support a specific program is an inherently iterative process. 
We need to identify what the specific outcomes we are targeting 
are and then run sort of an iterative process to identify the 
right approaches that take into account the systems that are 
currently in place, that take into account the capabilities of 
players at various levels, and that take into account the 
realities of State and local government, intermediaries, 
grantees, and the public who is looking to interact with those 
systems and how they plan and want to engage and their capacity 
for doing so.
    To sort of agree with what Clare said, I think it is very 
important to focus on what the outcomes are for our specific 
users. In this case, there are two different sets of users, 
State and local grantees, and also the public.
    Then I think as Dave notes, it is important for us to be 
part of that iterative process. By ``us,'' I do not necessarily 
mean us USDS, but I mean technologists.
    If you are looking to design--if you, the Hill, if you, 
Congress, are looking to develop legislation with a specific 
outcome objective that can be enabled by technology, the best 
way to ensure that you achieve the outcomes that you are 
looking for is to engage technologists in an iterative process 
and along the way, as you are developing that legislation, to 
ensure that the program design is possible to be executed with 
technology at the various levels.
    Senator Ossoff. Great insight. Thank you.
    Thank you, Madam Chair. I yield back.
    Senator Hassan. Thank you.
    Senator Hawley.

              OPENING STATEMENT OF SENATOR HAWLEY

    Senator Hawley. Thank you, Madam Chair. Thanks to the 
witnesses for being there.
    Ms. Martorana, can I start with you. You write in your 
testimony that no two agencies are the same and the different 
agencies are in different points when it comes to IT 
modernization. I would be curious that what in your view are 
the specific agencies that right now have the greatest 
modernization needs?
    Ms. Martorana. Sorry about that.
    Senator Hawley. That is OK. It is hard to see the red 
light.
    Ms. Martorana. Thank you for the question. I do not know 
that I could answer that specifically. I work with CIOs every 
single day, and we work on numerous projects related to their 
portfolios. Some have some cybersecurity challenges that they 
are focused on, but I do not think wholesale that it would be 
easy for me to point out a specific agency.
    Senator Hawley. Let me flag one for you. In a previous 
hearing on this same topic, we learned that the Treasury 
Department's age--the system that the Treasury uses to hold 
taxpayer information, is 51 years old, if I have my facts 
right. In addition to that, we have asked a lot of this system 
over the past year to distribute pandemic aid in an 
unprecedented manner. Let me ask you, to what extent is 
Treasury's IT modernization a priority for the administration?
    Ms. Martorana. It is a large priority. I was actually on 
the phone with the CIO several days ago, working on this very 
matter. One of the things that I said in my opening testimony 
is while it is easy for us to think about technology, legacy 
technology, from an age perspective, we try to focus on it from 
a risk perspective. Can something meet the policy needs that 
are being written, and can we actually deliver for users? Can 
we patch the system should there be a security issue?
    Not all legacy systems are--all of them, if we had a magic 
wand, I would want us to have the most modern technology across 
government wholesale, full stop. But we have to prioritize with 
the dollars that are allocated to each agency, to prioritize 
the systems that are at greatest risk, might not be able to be 
patched, have availability issues where they might go down.
    In working with the CIO of Treasury, those are the 
conversations that we are trying to have to make sure their 
high-value assets are prioritized the right way for the right 
investment and to accelerate their IT modernization journey.
    Senator Hawley. Very good. Just on this same point, do you 
have a sense of what reasons Treasury and the IRS have given 
for why modernization activities have been delayed in the past, 
in other words, why we are where we are?
    Ms. Martorana. I think some of the complexity is some of 
the policy initiatives that we undertake as a Federal 
Government that requires us to reprogram some of our systems. 
Some of those foundational items at Treasury went through 
reprogramming for the Affordable Care Act (ACA). Then they went 
through, just recently, reprogramming for PPP or for COVID--
other COVID relief, ARP relief. Some of those systems we are 
prioritizing operational need versus long-term modernization 
opportunities.
    A lot of these are not only intricately designed within the 
agency itself. Some of them deliver services to other agencies. 
Making sure that you can sequence your modernization projects, 
do them in bite-size chunks, so that you are not trying to boil 
the ocean at one time, are all part of the complexities that 
CIOs deal with on a daily basis and on an annual planning 
basis.
    Senator Hawley. Very good. That is helpful. That is really 
helpful.
    Let me ask you about a GAO report issued in June 2019 to 8 
different Federal agencies with legacy systems. The report had 
recommendations that identified and documented modernization 
plans for their systems, but as of earlier this year, if I am 
not mistaken, seven of those eight had not yet implemented the 
GAO's recommendations going on over 2 years now. I just want to 
ask if the implementation of these findings is a priority for 
you and the administration and what you are doing to ensure 
that those recommendations get implemented.
    Ms. Martorana. Yes, IT modernization plans are our 
priority. I have been working with GAO closely to understand 
the baselining of their reporting and what we need to do to 
partner together to support those agencies on their journey.
    Senator Hawley. Very good. Thanks so much for being here.
    Thank you, Madam Chair.
    Senator Hassan. Thank you very much, Senator Hawley.
    I appreciate the testimony of the witnesses so much. I 
appreciate your work and your service.
    We are in the middle of a vote. I do have a couple of more 
questions, and I will ask you to be relatively brief in your 
responses, and then we will wrap up the hearing so I can go 
vote.
    Ms. Martorana, I wanted to follow up with you. We talked 
about how making sure there is flexibility for repayment for 
the Technology Modernization Fund is important, but in addition 
to expanding access to the TMF it is important that Congress 
authorize agencies to transfer money into working capital 
funds. The Modernizing Government Technology Act, which was 
passed in 2017, authorized agencies to establish IT working 
capital funds to provide a flexible source of funding for 
long-term IT projects from within the agency.
    However, the Modernizing Government Technology Act did not 
include authority for agencies to move money into these 
accounts, which leaves these critical funding mechanisms 
unavailable to most agencies. In fact, only the Small Business 
Administration has received authority to transfer money to its 
IT working capital fund in order to pay for ongoing IT 
modernization projects.
    How is the Office of Management and Budget working with 
agencies that are seeking the transfer authority to ensure that 
congressional authorizers and appropriators will support these 
requests?
    Ms. Martorana. Thank you for that question. We are 
supportive of legislative fixes that would help agencies use 
these innovative funding models, including working capital 
funds. It is really essential. As we noted earlier, 1-year 
money or having real restrictions on the funding that is being 
provided to agencies, to move out on these multi-year projects, 
is really challenging.
    Senator Hassan. Yes.
    Ms. Martorana. We are working closely with our CIO 
colleagues and across OMB on utilizing it. But there might be 
the need for some legislative fixes, and I really look forward 
to working with you and the Committee on those.
    Senator Hassan. We would really look forward to all of you, 
as you identify this type of issue, really letting us know 
about them as soon as possible so we can work to make sure that 
the agencies have the kind of authorities that they need.
    Because we are running up on a vote, I am going to ask one 
wrap-up question. I am going to ask each of you to respond to 
it, and I am going to be a little unfair here and ask each of 
you to try to keep your response to about a minute.
    At our April hearing, I concluded by asking each witness 
what in their opinion is the greatest challenge presented by 
the use of legacy IT systems. Today, our conversation is 
focused on solutions for modernizing legacy IT. As we conclude, 
I would like each of you to describe what in your view is the 
most important thing agencies should be doing to modernize 
their outdated and obsolete IT systems. We will start with Mr. 
Zvenyach. Then we will go to Ms. Martorana, and then we will go 
to Ms. Hsiang.
    Mr. Zvenyach. I think the first thing that agencies should 
do is not try to go it alone. If agencies try to do this by 
themselves, if they try to focus on their particular solutions 
in their own way, they are going to find themselves in a much 
harder place.
    If we work as a team, if we work across our agency 
boundaries, we reuse the things that are available, we use the 
playbooks that are created, we use the shared services that we 
have and invest in those shared services, we focus on our 
users, we work in iterative ways, we do not let the things that 
have historically left us in a position of saying ``This is how 
we have always done it'' and instead say ``This is what is 
actually important for the public,'' then we are going to be in 
a better position to actually modernize these systems.
    Senator Hassan. Thank you.
    Ms. Martorana.
    Ms. Martorana. Yes, I would say continuing to move out on 
the planning journey. I think, to Dave's really good point, not 
going it alone. While our agency missions are completely 
unique, we are dealing with many of the same problems at every 
single agency.
    What we try and do through the CIO Council is work on 
collaboration, sharing information very openly, making sure 
that we understand what problem someone is trying to solve. We 
share everything from wholesale planning and financial data to 
playbooks, as Dave mentioned, and configuration settings for 
software, to be able to move out faster. We are working on a 
project through the CIO Council of connecting agencies, 
calendaring functionality so we can schedule meetings more 
easily. While they seem like simple things, spinning up those 
kinds of collaborative activities I think is going to be 
absolutely key to us continuing this modernization journey.
    Senator Hassan. Thank you so much.
    Ms. Hsiang.
    Ms. Hsiang. Thank you. I would say that for agencies to 
make the most progress on their modernization journey there are 
a few key components. First, to recognize that it is a journey 
and the best approach is to take it in chunks. Everything is 
lower risk. This is what we have seen work across industry. 
Doing it piece by piece is critical, and not trying to do any 
big bang or blanket modernization, but instead to think about 
it as a stepwise process and journey that you are embarking on.
    Second would be to think about the personnel and engage in 
some new approaches for hiring to ensure that you have the 
right personnel for the expertise that is required at every 
step of this journey. There are many different competencies 
that are required. Director Easterly said it well; we need to 
help agencies move to competency-based hiring. I think that 
that will help support modernization--them on their 
modernization journeys as well. There are some key things that 
they can do that we are happy to share.
    Finally, I would encourage them to focus in thinking about 
the right approaches for procurements to support that 
modernization. The right approaches are some of the things that 
Dave has spoken about, that Clare has spoken about. They need 
the types of flexible and iterative procurements that support 
the modernization that they are looking to accomplish and to 
support that stepwise and iterative approach they are looking 
to take.
    Senator Hassan. Thank you so much. I want to thank all 
three of you for your time, for your testimony this afternoon. 
Thank you for really valuable insights on this topic and your 
contributions to improving Federal IT systems in a fiscally 
responsible way.
    I want to thank you for your service to our country. It is 
really important, and you have really shone an important light 
this afternoon on the progress we have made and the progress we 
can continue to make.
    I look forward to continuing to work with this 
administration on encouraging use of existing IT modernization 
tools and resources to secure IT systems and deliver government 
services more effectively, as well as to coordinate on ways 
that Congress can fill the gaps to achieve the ultimate goal of 
saving taxpayer dollars and improving service to our taxpayers, 
too.
    The hearing record will remain open for 15 days, until 5 
p.m. on October 13th, for submissions of statements and 
questions for the record.
    This hearing is now adjourned.
    [Whereupon, at 3:46 p.m., the Subcommittee was adjourned.]

                            A P P E N D I X

                              ----------                              
