[Senate Hearing 117-167]
[From the U.S. Government Publishing Office]
S. Hrg. 117-167
EXISTING RESOURCES AND INNOVATIONS NEEDED
TO REPLACE LEGACY IT AND SAVE TAXPAYER DOLLARS
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON
EMERGING THREATS AND SPENDING OVERSIGHT
OF THE
COMMITTEE ON
HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
ONE HUNDRED SEVENTEENTH CONGRESS
FIRST SESSION
__________
SEPTEMBER 28, 2021
__________
Available via the World Wide Web: http://www.govinfo.gov
Printed for the use of the
Committee on Homeland Security and Governmental Affairs
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
__________
U.S. GOVERNMENT PUBLISHING OFFICE
46-705 PDF WASHINGTON : 2022
-----------------------------------------------------------------------------------
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
GARY C. PETERS, Michigan, Chairman
THOMAS R. CARPER, Delaware ROB PORTMAN, Ohio
MAGGIE HASSAN, New Hampshire RON JOHNSON, Wisconsin
KYRSTEN SINEMA, Arizona RAND PAUL, Kentucky
JACKY ROSEN, Nevada JAMES LANKFORD, Oklahoma
ALEX PADILLA, California MITT ROMNEY, Utah
JON OSSOFF, Georgia RICK SCOTT, Florida
JOSH HAWLEY, Missouri
David M. Weinberg, Staff Director
Zachary I. Schram, Chief Counsel
Pamela Thiessen, Minority Staff Director
Andrew Dockham, Minority Chief Counsel and Deputy Staff Director
Laura W. Kilbride, Chief Clerk
Thomas J. Spino, Hearing Clerk
SUBCOMMITTEE ON EMERGING THREATS AND SPENDING OVERSIGHT
MAGGIE HASSAN, New Hampshire, Chairman
KYRSTEN SINEMA, Arizona RAND PAUL, Kentucky
JACKY ROSEN, Nevada MITT ROMNEY, Utah
JON OSSOFF, Georgia RICK SCOTT, Florida
JOSH HAWLEY, Missouri
Jason Yanussi, Staff Director
Peter Su, Fellow
Greg McNeill, Minority Staff Director
Adam Salmon, Minority Research Assistant
Kate Kielceski, Chief Clerk
C O N T E N T S
------
Opening statements:
Page
Senator Hassan............................................... 1
Senator Rosen................................................ 14
Senator Ossoff............................................... 17
Senator Hawley............................................... 20
Prepared statements:
Senator Hassan............................................... 25
WITNESSES
Tuesday, September 28, 2021
Clare Martorana, Federal Chief Information Officer, Office of
Management and Budget.......................................... 3
Mina Hsiang, Administrator, United States Digital Service, Office
of Management and Budget....................................... 4
V. David Zvenyach, Director Technology Transformation Services,
U.S. General Services Administration........................... 6
Alphabetical List of Witnesses
Hsiang, Mina:
Testimony.................................................... 4
Prepared statement........................................... 31
Martorana, Clare:
Testimony.................................................... 3
Prepared statement........................................... 27
Zvenyach, V. David:
Testimony.................................................... 6
Prepared statement........................................... 36
APPENDIX
Responses to post-hearing questions for the Record:
Ms. Martorana................................................ 42
Ms. Hsiang................................................... 46
Mr. Zvenyach................................................. 51
EXISTING RESOURCES AND INNOVATIONS
NEEDED TO REPLACE LEGACY IT AND SAVE TAXPAYER DOLLARS
----------
TUESDAY, SEPTEMBER 28, 2021
U.S. Senate,
Subcommittee on Emerging Threats and
Spending Oversight,
of the Committee on Homeland Security
and Governmental Affairs,
Washington, DC.
The Subcommittee met, pursuant to notice, at 2:30 p.m., via
Webex and in room 342, Dirksen Senate Office Building, Hon.
Margaret Wood Hassan, Chairwoman of the Subcommittee,
presiding.
Present: Senators Hassan, Rosen, Ossoff, Scott, and Hawley.
OPENING STATEMENT OF SENATOR HASSAN\1\
Senator Hassan. This hearing will come to order. Good
afternoon and welcome to our distinguished panel of witnesses.
Thank you for appearing today to discuss the resources and
services available to agencies seeking to modernize their
outdated and obsolete legacy information technology (IT)
systems.
---------------------------------------------------------------------------
\1\ The prepared statement of Senator Hassan appears in the
Appendix on page 25
---------------------------------------------------------------------------
There is a lot to discuss today: how Congress can
supplement these resources in order to accelerate
modernization, hold agencies accountable to their modernization
plans, and reduce the Federal Government's reliance on aging
technology.
Also critical here is, of course, ensuring that in all of
these efforts we are staying focused on saving taxpayer
dollars. This is critically important because we know that
outdated technology fails to serve the American people and is
insecure against sophisticated cyber attacks. It also wastes
billions in taxpayer dollars every year due to poor procurement
actions, improper payments, and expensive contractors needed to
operate and maintain aging systems.
I also want to thank Ranking Member Paul, who is unable to
join us today, and his staff for working with me on this
hearing and, more broadly, on our ongoing efforts to curb
wasteful spending. Just last week, we introduced the 2021
edition of Acting on the Annual Duplication Report Act, which
would implement recommendations made to Congress by the
Government Accountability Office (GAO) to eliminate wasteful
duplication, fragmentation, and overlap across the Federal
Government. I look forward to working with Ranking Member Paul
and all of my colleagues to move that bill forward.
Today's hearing builds on a hearing this Subcommittee held
in April that focused on the issues that are holding agencies
back from realizing significant cost savings, increased
security, and greater service delivery by modernizing their
systems. The question we are asking today is: How are these
agencies using existing tools and resources to transform their
aging technology, and what can Congress do to fill the gaps
that may remain?
At our previous hearing, former Federal agency chief
information officers (CIO) and a Government Accountability
Office expert on Federal IT management discussed the costs and
challenges that legacy IT systems present. We learned that
detailed IT modernization plans are critical to an agency's
long-term success in updating IT and budget for capital
projects. We learned that funding mechanisms, such as the
Technology Modernization Fund (TMF) and agency working capital
funds, need to be improved to accommodate multi-year
modernization efforts. Most importantly, we learned about the
impact that the Federal Government's aging IT infrastructure
has on the American people.
Despite some challenges, agencies have a tremendous
opportunity to modernize these outdated systems and, in turn,
make government more effective and efficient. Over the course
of the pandemic, we saw chief information officers across the
government quickly equip their agencies to work remotely.
Congress and the Executive Branch have made more financial
resources available to agencies to upgrade their IT systems
than ever before, and there are programs and policies in place
to assist agencies in taking their aspirations and turning them
into achievements.
Lending their expertise and insights on what more we can do
to address the challenges we face is our panel of very
accomplished witnesses, consisting of the Federal Chief
Information Officer, the Administrator of the U.S. Digital
Service (USDS), and the Director of Technology Transformation
Services (TTS). I look forward to hearing from all of you today
about your work to assist agencies in reducing their reliance
on costly, outdated, and obsolete technology.
Now, it is the practice of the Homeland Security and
Governmental Affairs Committee (HSGAC) to swear in witnesses.
If you will please stand, and even stand in your virtual
environment, that would be great, and please raise your right
hands. Do you swear that the testimony you give before this
Subcommittee will be the truth, the whole truth, and nothing
but the truth, so help you, God?
Ms. Martorana. I do.
Ms. Hsiang. I do.
Mr. Zvenyach. I do.
Senator Hassan. All three witnesses have answered in the
affirmative. Thank you all. Please be seated.
I will now introduce our witnesses. Our first witness today
is Clare Martorana. Ms. Martorana is the Federal Chief
Information Officer and leads the Office of Electronic
Government and Information Technology at the Office of
Management and Budget (OMB). Before joining the Biden
Administration in her current role, she served as Chief
Information Officer for the Office of Personnel Management
(OPM), where she led the Agency's efforts to improve security
and operations. Ms. Martorana joined the Federal Government in
2016 but has spent over 2 decades working to make information
accessible to the public through digital innovation.
Welcome, Ms. Martorana. You are recognized for your opening
statement.
TESTIMONY OF CLARE MARTORANA,\1\ FEDERAL CHIEF INFORMATION
OFFICER, OFFICE OF MANAGEMENT AND BUDGET
Ms. Martorana. Chair Hassan, Ranking Member Paul, Members
of the Subcommittee, thank you for the invitation to testify
today on information technology. It is my pleasure to be here
with my colleagues, Mina Hsiang and Dave Zvenyach. On a daily
basis, the three of us work together and collaborate, and
frankly, that is what it is going to take to make the best use
of taxpayer dollars to deliver a seamless and secure customer
experience for the American people.
---------------------------------------------------------------------------
\1\ The prepared statement of Ms. Martorana appears in the Appendix
on page 27.
---------------------------------------------------------------------------
It is important to note that not all old systems are legacy
and old does not always mean bad, antiquated, risky, or in need
of retirement. The legacy technology I am most concerned with
are systems that are out of support, cannot be patched, have
availability issues, or cannot meet user needs or policy goals,
systems whose security cannot keep pace with our adversaries.
With a secure system, even when deemed legacy, we can still
deliver modern customer experiences to the public. Teddy
Roosevelt said, ``Do what you can, with what you have, where
you are.'' I am happy to report that we can do a great deal
across government with what we have, but what we need to do is
work differently.
Securing and modernizing Federal IT is a team sport, and
here is what we can do now. Agency investments should be
aligned to an enterprise IT and cybersecurity modernization
plan. Technology and data enable each agency to execute on its
mission for the American people, and they must be secure. An
enterprise operating model requires all agency and program
leadership to work together to achieve successful investment,
deployment, and sustainment of modern, secure technology. We
must put our customers at the center of everything we do,
simply put, designing with users, not for them. We are
establishing a culture in government that is mindful of
customer experience in delivering agency missions.
Using incremental software development, we can show our
colleagues across government that service improvements are
possible even within a legacy IT environment, and we must show
and not tell. By delivering minimally viable products, we are
able to get working software into the hands of users early and
give design and development teams the opportunity to adjust
based on user feedback about the services. By learning quickly
what works and what does not, we reduce the risk of failure and
can deliver higher quality, secure services to the public.
It will take an enterprise mindset to get there. When I
became the CIO at the Office of Personnel Management, I was the
seventh CIO in 7 years. The Agency was facing an uncertain
future and had a number of critical IT challenges, including
mainframe legacy technology that held crucial data for our
Nation. We knew we would not be able to solve the multitude of
problems we were facing alone.
I reached out to a colleague and now friend, the CIO of the
General Services Administration (GSA), who immediately provided
top technologists from his team to join mine, fill critical
gaps, and help assess the situation. We realized we needed the
specialized skills of another group of tech talent, the United
States Digital Service, who have within their capability set
the ability to rapidly assess critical infrastructure, identify
insecure vulnerabilities, and recommend a path forward. From
there, my colleagues at OMB provided historical context on
previous investments and helped develop a financial strategy
and path forward. Our team also engaged with GSA's Centers of
Excellence (CoEs) in conducting an options analysis for the
work ahead. This ultimately led to successful procurement of
new supportable mainframe technology and its relocation to
modern state-of-the-art data centers.
These successes would not have been possible if I stayed in
my silo. It took the combination of internal and external
forces, technical talent, budget management officials, legal,
privacy, finance, human resources (HR), acquisition, agency
leadership, and legislative affairs colleagues, and many others
to create the momentum we needed to stabilize, secure, and
modernize operations.
In conclusion, every single group I have met across
government wants to be part of the solution, and I am planning
on taking them up on their offer. I look forward to working
with you and our key stakeholders so we can be successful on
this IT modernization journey.
Thanks for the opportunity to be here today, and I look
forward to your questions.
Senator Hassan. Thank you so much for your testimony.
We are now going to turn to our witness who is appearing
virtually, Mina Hsiang. Ms. Hsiang was recently named
Administrator of the U.S. Digital Service within the Office of
Management and Budget. She has worked as part of the U.S.
Digital Service team on several previous important projects,
such as rolling out ``www.vaccines.gov'' in response to the
Coronavirus Disease 2019 (COVID-19) pandemic. She brings with
her many years of experience in the private sector, working on
digital innovation and customer service to her role as
Administrator.
Welcome, Ms. Hsiang. You are now recognized for your
opening statement.
TESTIMONY OF MINA HSIANG,\1\ ADMINISTRATOR, UNITED STATES
DIGITAL SERVICE, OFFICE OF MANAGEMENT AND BUDGET
Ms. Hsiang. Chair Hassan, Ranking Member Paul, and Members
of the Subcommittee, thank you for the invitation to testify on
legacy information technology in government on behalf of the
United States Digital Service. I am honored to be here
alongside my colleagues, Clare Martorana and Dave Zvenyach. I
am grateful that technology lets me participate remotely while
sick.
---------------------------------------------------------------------------
\1\ The prepared statement of Ms. Hsiang appears in the Appendix on
page 31.
---------------------------------------------------------------------------
The mission of USDS is to ensure that government services
are delivered well, using the best of technology and design. We
do this in partnership with government agencies, by recruiting
and hiring top technical talent into Federal service, to work
on important projects across the government, side by side with
agency civil servants. We also collaborate closely with our
technical partners across the government, including agency
CIOs, the Federal CIO, and GSA. We are proud to have a track
record of convening teams that partner with agencies to define
and deliver on programs, both urgent and ongoing.
At USDS, we are focused on improving delivery in a few key
ways. First, we aim to make services more straightforward,
reliable, and sustainable through stronger technical
foundations. This is about making services simpler and more
consistent for the families, small businesses, veterans, and
others that we serve. This means strategic technical planning
for multi-year programs, designing technology for performance
and reliability, using integrated or shared tools for services,
and building for fast improvement, including frequent
deployment of code. It also means making it easier for agencies
to do these things simply and by default, which is far from the
status quo.
Software is never done since needs, both technical and
human, are always changing. We must make it easy and secure to
iterate quickly.
Second, we center our objectives around the people that we
service. We put our users first. For example, when we think
about veterans who need to know their benefits eligibility or
school nurses who must track and report COVID testing in their
school, we design the process, implementation strategy, and
technical build around what will create the best possible
outcomes for them. This usually requires an explicitly
iterative process that incorporates users in every turn,
evaluating how we are doing on the outcomes that matter for
them and revising based on what we find.
Finally, we find and empower great people. We strive to
bring the best practices and skills from across the country,
and we do this by recruiting team members with diverse and
relevant backgrounds, including government, to bring their
expertise to our critical mission. We have also created
training and upskilling programs to ensure that our colleagues
who already sit in critical positions throughout government can
continue to be aware of and use current best practices. We are
partnering with agencies and OPM to develop new capabilities
across the government, to develop hiring practices for
technical talent, to scale what we know works.
These strategies are based on our experience from many
different companies, agencies, and other organizations. We know
that they work to prevent and address legacy IT problems, but
they need to be scaled more universally across government in
order to address the overall challenge. Without the right
people, process, and technical foundations for every program in
service, they will default to a slow pace of updates and
change, becoming static and risk becoming legacy.
We work to collaborate with programs early so that they do
not encounter crises as a result of these problems, but when it
does happen, we partner closely with our colleagues to fix it
as in the example of the OPM mission-critical system that Clare
mentioned. USDS joined the OPM CIO's team to provide the
technical expertise to identify and debug OPM's current
challenges with the mainframe and also to offer the best
practice technical framework and strategy for moving forward on
the solution. We then partnered as well with GSA when they
arrived as they brought their expertise and capacity to drive
the operationalization of the solution.
The public, the families, small businesses, veterans, and
others who are counting on these services do not care how many
agencies exist, where the boundaries are, which legislation
created which system or eligibility, or what the color of money
is for maintaining a system. They want a simple and clear
experience when they interact with their government programs.
They want systems and programs that work together, address
their needs, and deliver the outcomes they expect, minimizing
their stress and the burden on their lives.
In collaboration with our agency partners, the three of us
seated in front of you are already working hard to coordinate
and collaborate on the appropriate capabilities necessary to
enable such a world, focusing on the experience of those we
serve, empowering talented public servants, and learning from
users to drive iterative, agile development and procurement. We
have outlined some of the challenges that make it more complex,
and we look forward to working with you to design solutions.
Thank you for the opportunity to testify, and I look
forward to your questions.
Senator Hassan. Thank you very much, Ms. Hsiang.
Now we will turn to our third witness, who is Dave
Zvenyach. Mr. Zvenyach is the Director of Technology
Transformation Services and Deputy Commissioner of the Federal
Acquisition Service within the General Services Administration.
An attorney by training, Mr. Zvenyach's previous experiences
working for the Washington D.C. Council exposed him to the
technology challenges that governments face. From there, he
joined the General Services Administration and later
independently consulted on Federal acquisition policy, and he
rejoined the Technology Transformation Services office earlier
this year.
Welcome, Mr. Zvenyach. You are now recognized for your
opening statement.
TESTIMONY OF V. DAVID ZVENYACH,\1\ DIRECTOR, TECHNOLOGY
TRANSFORMATION SERVICES, U.S. GENERAL SERVICES ADMINISTRATION
Mr. Zvenyach. Thank you, Chairwoman Hassan, Ranking Member
Paul, and Members of the Subcommittee. My name is Dave
Zvenyach, and I am the Director of Technology Transformation
Services at the General Services Administration.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Zvenyach appears in the Appendix
on page 36.
---------------------------------------------------------------------------
It is an honor to be here today and a privilege to work
alongside my colleagues, Clare Martorana and Mina Hsiang, as we
work together to provide trusted, accessible, and respectful
government experiences with and for all. They are accomplished
technologists, dedicated public servants with a deep passion
for service delivery. It is important that we are here together
because delivering quality software at the scale of government
requires a coordinated team effort.
As Mina said, our work requires a focus on the experience
of those we serve, empowering talented public servants, and
learning from users to drive iterative, agile development and
procurement. I am fortunate to work every day with incredibly
talented individuals and teams all across the country, who join
the government for one reason, to make sure that the technology
for the government of the people works for the people.
In government, we need to shift how we talk about and how
we deliver software. We need to understand that software
delivery is never really done. Technology is always evolving,
and we need our systems to keep up with changes in the law, to
improve performance and reliability, to meet new users' needs,
and we need to focus and prioritize improving service delivery.
We need to shift the government toward an expectation that
every system in production should be continuously improved so
that there is no such thing as a legacy system and no such
thing as ``done.'' By that measure, we have a long way to go.
But we also know that, as Clare said, we can do a great
deal across government with what we have today. At GSA, we are
proud of the role we play in working with our partners in
modernizing government systems and improving procurement
outcomes.
At the core of our mission at TTS, to design and deliver
digital government with and for the public, is the
modernization and security of government's infrastructure and
applications. Much of our work at TTS, our superpower, if you
will, is focused on reuse, whether it is our FedRAMP program
which helps agencies adopt secure cloud technologies through a
``do once, use many'' security approach, or the U.S. Web Design
System which is an example of a great collaboration with the
U.S. Digital Service, which provides a consistent and
accessible experience across agency websites, or
``www.digital.gov,'' which enables practitioners to share best
practices and learnings through communities of practice. These
and other shared services, our TTS solutions, are a core part
of what we do at TTS.
We also partner directly with agencies through our
Presidential Innovation Fellows (PIF) programs, 18F, and the
TTS Centers of Excellence.
The Office of Personnel Management journey described by my
colleagues is a fantastic example of the sort of collaboration
needed to fundamentally change the way services are delivered
to employees, Federal agencies, and the public. A longtime
partner of GSA, OPM looked at their health and benefits,
retirement, and HR systems challenges and realized that
expertise in understanding the entire landscape was needed. It
would require technology and data asset inventory improvements,
true, but it would also require the development of an
acquisition strategy because of the impending loss of contract
support. As Clare and Mina mentioned, the TTS Centers of
Excellence played a critical role in developing and executing
that acquisition strategy, helped facilitate the migration and
modernization of OPM's mainframe, and assisted OPM in the
sustained data governance and organization improvements along
the way. We are honored to continue to partner with OPM on
their modernization journey to this day.
The next few years will bring increasingly complex
challenges. With our ability to implement cross-government
solutions, we are uniquely positioned to help agencies address
them. By shifting how the government thinks about delivering
technology, focusing on the impact on mission and users,
looking to expertise and innovation in government, and
collaborating with our industry partners outside of government,
we can significantly improve Federal technology and ultimately
how agencies serve the public.
As long as there is work to be done, software delivery will
never be done. If we work on these challenges together, though,
we can build the momentum we need to make sure that when
Congress enacts a law, when a user has a new need, and a system
needs to be available, our systems are ready for that change.
Thank you for the opportunity to be before you today. I
look forward to answering any questions you may have.
Senator Hassan. Thank you very much for your testimony.
Thank you to all three of you for such clear and good
testimony, and I am going to begin with my round of questions.
As I indicated earlier, this is a complicated afternoon in the
Senate. Senators are going to be coming and going from votes
and may be joining us remotely. The level of attendance is yet
to be determined is what I am trying to say.
Let me start with a question to Ms. Hsiang and Ms.
Martorana. The U.S. Digital Service is known for quickly
responding to crises when they arise. For example, in the early
days of the COVID-19 pandemic, the U.S. Digital Service
assisted agencies with increasing their digital capacity to
serve the American people.
But even in the absence of a crisis, the U.S. Digital
Service is also capable of taking a proactive approach to IT
modernization and digital transformation that can yield really
impressive results. For example, the U.S. Digital Service was
able to collaborate with the Centers for Medicare and Medicaid
Services (CMS) on its payment processing system. The system was
more than 50 years old and relied on outdated code, which made
it difficult to use, costly to maintain, and vulnerable to
improper payments. But with the help of the U.S. Digital
Service, CMS modernized its system and migrated it to the cloud
before it encountered a major system failure or similar crisis.
Ms. Hsiang, how can the U.S. Digital Service jumpstart
agency IT modernization and movement away from legacy IT as it
did with the Centers for Medicare and Medicaid Services?
Ms. Hsiang. Senator Hassan, thank you so much for that
question. It is a great one. It boils down to leadership. A
crisis creates a situation where doing something differently
from how you have done things in the past suddenly becomes
absolutely necessary and everyone can agree on that. It creates
an opportunity for, as Clare noted, show, do not tell, the
opportunity to do things differently and to see how that
evolves.
That said, the same circumstances can be created without a
crisis through responsible leadership and the executive within
an agency. If executives truly understand the implications of
their IT systems through their cooperations, if the executives
are deeply committed and leaders are deeply committed to
ensuring that technology systems and technical systems continue
to support the mission, they, too, can create the circumstances
where it does not feel risky to do something different but
instead feels like the appropriate thing to do.
Senator Hassan. Thank you.
Ms. Martorana, on the topic of improper payments, how are
other agencies that manage Federal benefits taking advantage of
IT modernization, such as cloud computing, to prevent waste,
fraud, and abuse of taxpayer dollars?
Ms. Martorana. Thank you for that question. There are
significant efforts underway across multiple agencies that are
delivering benefits to, and services to, the public that are
focused on assuring that the benefits make their way to the
recipients. There are activities that are going on in
partnership with Federal agencies and reaching out to States
where those payments are ultimately delivered in some cases.
IT modernization: we are doing several different things
across the Federal enterprise to focus on this. One is a
concerted effort to do user research, making sure that we
understand what the problem is that we are trying to solve and
understanding both the technical, cultural, and business
process challenges that are often the complex mix that causes
challenges in operations. We are learning across the Federal
enterprise.
One of the unique groups that I have the great fortune to
work with is the CIO Council, and through that vehicle we share
these best practices and lessons learned. Recently, a CIO came
and in the open of a meeting talked about the fragility of a
system and was seeking the advice of other CIOs to remediate
the issue. I think we will continue to see both on the digital
side the collaboration that we all benefit from but also in the
planning and execution of these large policy efforts that are
impacting service delivery to the public.
Senator Hassan. Thank you. I have a question for Mr.
Zvenyach. While GSA's Technology Transformation Services
provide a number of innovative tech products and services to
agencies, I want to specifically discuss the 10x and
Presidential Innovation Fellows programs. Both of these
programs are designed to bring in new ideas to enhance
government IT performance and promote better service delivery.
Can you explain how the 10x and Presidential Innovation Fellows
programs work, and what specific innovations have come out of
these programs that are making government IT work better for
the American people?
Mr. Zvenyach. Thank you for the question. I will start with
10x. 10x is a program that is modeled after best practices
around private investment, so venture investment, and it uses a
phased approach to invest in ideas that might scale in
government technology. One of the lessons that we have learned
is that not every idea is of equal merit and, frankly, the most
expensive ideas in government are the ones that think that they
are great ideas but actually do not bear out.
Senator Hassan. Right.
Mr. Zvenyach. The benefit of 10x is that we have evaluated
over 1,000 ideas, been able to graduate the ones that have the
most merit into production. Programs like the U.S. Web Design
System that I mentioned in my testimony serves almost 250
million sessions per month. That was originally a proposal that
came through the 10x process, and it allows for almost, I
think, 80-something agency partners to use that consistent
experience across the Federal Government. That is the sort of
thing that comes out of 10x. We are very proud of the work that
we do largely because it does use the best practices, that
phased investment approach that you see in private industry,
and takes that into government.
In that same vein, the Presidential Innovation Fellows
program pairs private sector entrepreneurs and innovators with
public sector leaders. The thesis behind the PIF program, as we
call it, is to pair PIFs with deputy secretaries, CIOs, CXOs
across the government and make sure that they are bringing that
innovation into the government. The interesting plot twist is
that these PIFs often end up staying in government, and it has
been a really extraordinary opportunity to bring that
innovation into the public sector, get them attached to the
mission that we all know is important, and have them stay and
really contribute that service to the American people.
Senator Hassan. Great. One of the projects funded by 10x
focused on assisting agencies with IT management, budgeting,
and planning by producing a field guide to what is known as
agile acquisition, a term of art that I wanted to make sure I
understood. Agile acquisition allows agencies to test new
products and work with program developers to incorporate user
feedback into product design to ensure that the products work
and meet the agency's needs before the agency makes that kind
of major investment. I think that is really what you were just
getting at.
Talk a little bit more about how agile acquisition saves
taxpayer dollars and how we can ensure that agencies pursue
agile acquisition processes as much as possible.
Mr. Zvenyach. It is such a great question. I think one of
the things that we often see in procurement is that two things
are true. One is that there is the tendency to think about
procurement sort of in silos. In software, we talked about how
software is a team sport. You want to make sure that everybody
is on the same team in focus and service delivery on behalf of
the user. The same needs to be true in procurement. You cannot
have a contracting officer sitting on the other side of the CIO
sitting on the other side of the finance sitting on the other
side of legal.
Senator Hassan. Yes.
Mr. Zvenyach. Everyone needs to be on the same team,
focused on procurement outcomes.
Agile acquisition is really trying to bring teams together
so that we are focusing on how do we actually do iterative
development, how do we actually make sure that we are focused
on outcomes, not just outputs.
Senator Hassan. Right.
Mr. Zvenyach. Outcomes on behalf of the program. Programs
like 10x create opportunities to both show how it works and
then also to teach so that we have ability to do once and
reuse. We are really proud of the work that comes out the
guides, the derisking guide and the like, and I thank you for
that question.
Senator Hassan. It is really important, and again, it gets
at this whole-of-government approach, sharing information,
breaking down silos.
A question for you, Ms. Martorana. The many policies,
programs, services, and financial resources available to
agencies seeking to modernize their IT systems can only be
useful if the agencies are taking advantage of them. Is there
currently a way to track agency use of the various tools,
services, and resources that we have been discussing today and
measure whether they are helping agencies effectively
modernize?
Ms. Martorana. Thank you for that question. There are
numerous planning tools that are in place related to IT
tracking, cost, scheduling, performance, and IT system
modernization projects in total: the IT dashboard, the Capital
Planning and Investment Control (CPIC) process, through FISMA.
There are many mechanisms that we are using.
One of the things that is a focus of my office is with so
many data inputs we want to make sure that we are making the
best informed decisions with the data. Just gathering data for
compliance reasons alone and not being able to tie the data to
a very specific outcome, making sure that we are having the
greatest impact with the investment dollars that we are given--
and they are taxpayer dollars--we all take that very seriously.
We want to make sure through those tools that we are looking at
fraud, waste, and abuse as kind of the cornerstones of good
business. That is what any good business person does.
But I do think that there are opportunities for us to get
better at this. I think that transparency and accountability
for some of these projects--we have over 700 high-value assets
in the Federal Government. That is a large data set. I think in
total we have over 8,000 large IT projects that are active in
the Federal Government. We are trying to think of ways where we
can use data and data visualization to drive some informed
decisionmaking and also help us identify risk earlier in the
process.
Senator Hassan. Are there any other things you think you
need to implement? Essentially, you talked a little bit about
data collection and possibly tracking how agencies are using.
But to really implement kind of the assessment function, do you
feel like you have the tools and it is just a matter of
directing them correctly, or there are other things you could
develop or use?
Ms. Martorana. I think the complexity of this is really
challenged by some of our funding mechanisms.
Senator Hassan. OK.
Ms. Martorana. Single-year funding for projects that are
complex----
Senator Hassan. Yes.
Ms. Martorana [continuing]. Adds quite a bit of burden to
the process and sometimes forces people to make decisions in
advance of having a fully validated plan.
Senator Hassan. Got it.
Ms. Martorana. I think we also have opportunities and need
for business process improvement, making sure that to our team
sport theme today that both program officials, agency
officials, CIO teams, our procurement colleagues are all
focused on accomplishing the same end result.
I think, again, I would kind of go back to funding.
Senator Hassan. Yes.
Ms. Martorana. Making sure that we have flexible funding
vehicles, like TMF----
Senator Hassan. Yes.
Ms. Martorana [continuing]. Which is allowing us to move
out on multi-year modernization projects, but surrounded by a
team of people that are incented by our collaborative nature to
hopefully drive a better improvement of the service delivery
that we are trying to accomplish. I think those things in
combination are keys, and I think it requires partnership also
with the Hill for us to be successful.
Senator Hassan. OK. Thank you.
I think we are expecting another Senator shortly, but I am
going to continue along with my questions until she gets here.
This is a question to all three of you. As part of the American
Rescue Plan (ARP), the Technology Modernization Fund,
administered by the Office of Management and Budget and the
General Services Administration, received $1 billion to
increase the fund's capacity to assist agencies in achieving
their IT modernization goals. We touched on this a little bit,
but in addition the American Rescue Plan also provided funds to
the IT modernization services and programs at the U.S. Digital
Service and GSA.
To date, what projects have these funds supported, what
benefits are the American people receiving or will receive as a
result of these projects? Why don't we start with you, Ms.
Hsiang, and then we will go to Mr. Zvenyach and Ms. Martorana.
Ms. Hsiang. Thanks for the great question. I would love for
Clare to speak to the details of the TMF money since she is
responsible there, but I would add that our funding to
Information Technology Oversight and Reform fund (ITOR) or to
USDS-specific programming has enabled a number of programs to
be staffed and for us to work toward program outcomes.
In particular, this has enabled our work on
``www.vaccines.gov'' and the assistance hotline and textline
associated with that. It has allowed us to do work toward the
child tax credit in collaboration with Treasury and the Interal
Revenue Service (IRS). It has enabled work on unemployment
insurance and modernizing those systems and programs. It has
enabled our work on unemployment insurance and modernizing
those systems and programs. It has enabled our work on the
emergency broadband benefit program at the Federal
Communications Commission (FCC), work in the social safety net
benefits programs that are administered by U.S. Department of
Agriculture (USDA) and FMS, emergency rental assistance at
Treasury, and then us to support programs at Small Business
Administration (SBA) around Shuttered Venue Operators Grants
and Restaurant Revitalization Fund.
I would note that in addition to helping us directly
support those specific programs and ensuring that service
delivery against those programs achieves the intended goals of
the programs, it also allows us to work in all of those
agencies on a mission-critical program that is of high
priority, which allows us show that agency and work closely
with that agency on implementing new, more modern capabilities,
to help that agency have an example of what more modern
capabilities look like.
As Clare noted before and I also mentioned, a lot of times
what it takes to sort of--to your first question, what
motivates change, the mandate to do something new in addition
to visibility and how to do it differently often creates an
opportunity for more widespread change within an organization.
In addition to the direct benefits to these programs, it also
has allowed us to work closely with and help modernize some of
the practices at each of those agencies.
Senator Hassan. Thank you.
Mr. Zvenyach.
Mr. Zvenyach. Thank you. I, too, will defer to Clare on the
TMF, but for our purposes the American Rescue Plan has enabled
a number of different investments. We also have supported a
number of specific agency initiatives under the American Rescue
Plan.
But because of TTS's unique role to focus on cross-agency
initiatives and to think about how we might be able to provide
sort of the reusable aspects, a number of our investments have
been sort of building on the theme of 10x. We talked about the
idea of those investments in trying to find what in the venture
world you would call multiples. Things like the U.S. Digital
Corps is an investment that we made, and the U.S. Digital Corps
is an investment in trying to bring in the next generation of
technology leaders and trying to find early career
technologists in government. That is the sort of thing that we
think can have not just immediate effect but transformational
effect on government.
Also, investments in the FedRAMP automation. FedRAMP is one
of the things that we think enabled us to respond to the
pandemic, frankly, is the ability to use virtual technologies
and cloud service technologies. Investments in automation in
FedRAMP and sort of improving the through-put in FedRAMP is
important.
We have also made investments in more speculative things.
There is a project that I like called Pie Spots, and the idea
with Pie Spots is to say how might we use raspberry pies, which
are these like tiny little devices to maybe bridge the digital
divide. There is a number of investments that we are looking at
that some of which might work, some of which might not. But the
idea with some of these investments is that we want them to
have again these returns on investment, really, I think,
focusing on value, and using these funds in a way that has both
transparency and accountability but also has real multiples in
value to the public.
Senator Hassan. Thank you.
Ms. Martorana.
Ms. Martorana. Yes, I really appreciate the congressional
commitment to IT modernization through the resources made
available through the American Rescue Plan. The funding
provided to USDS, GSA, and through the TMF are an investment in
both our information security and the quality of government
services. We have received applications for TMF funding from 48
different agencies or components of agencies, totaling about
$2.3 billion. We have sent up to Congress for review the first
seven proposals that are going to be awarded through TMF, and
two-thirds of them represent cybersecurity. The appropriation
was for solar winds, mitigating the impact of solar winds and
the cybersecurity challenges that we are facing, as well as
challenges that came to light during COVID-19.
What you will see in the multitude of those project
proposals is a new way of us looking at how to disburse money.
We really are trying to be strategic investors, working with
our agency partners, making sure that we are evaluating these
programs, obviously, for the greatest risk that they
potentially have to the Federal enterprise. But also, we are
looking at the highest probability of success, the highest
value to the public for some of these, and the highest impact
to security outcomes.
The focus that we have been able to use, a tool that was in
the original appropriation but was not utilized previously, but
we felt the emergency need of solar winds and the COVID-19
pandemic really warranted us focusing on payment flexibility.
We issued guidance on payment flexibility and have had a
significant number of proposals come in requesting that due to
the urgent need of those agencies asking for that.
The investment portfolio guidance that we gave out focused
on high-value assets----
Senator Hassan. Right.
Ms. Martorana [continuing]. Again, really in the swim lane
of IT modernization. Public-facing digital services, shared
services, and cybersecurity. As I said, about 75 percent of the
project proposals that have come in have had a primary or
secondary cybersecurity focus.
Senator Hassan. Thank you. I appreciate that very much.
I am now going to turn to my colleague, Senator Rosen, for
her round of questions.
OPENING STATEMENT OF SENATOR ROSEN
Senator Rosen. Thank you, Chair Hassan, and thank you for
holding your second hearing on the important issue of the
Federal Government's IT modernization.
This may not seem like the most exciting topic to some
people, but as a former computer programmer, I know how
important it is to get this right. This is not just about IT.
It is about making sure that when not just Nevadans but all
Americans, when they interact with their government because
they are waiting on a tax refund, a Social Security payment,
trying to renew a passport, applying for a grant, they know it
is the technology that makes it possible for them to access and
get what they need from the Federal Government.
It is the responsiveness of the government, the security
that hopefully we can provide. Glad to hear about those
cybersecurity projects. It really allows us, if we modernize,
to deliver those services that people really need.
As Chair Hassan has pointed out, modernizing IT across the
Federal Government also has the potential to save millions of
dollars in taxpayers' funds. It is really the responsible thing
to do. I want to thank the Chair again. I want to thank all the
witnesses for your time today and, of course, for what you are
doing every single day.
I want to talk a little bit about IT Centers of Excellence.
Mr. Zvenyach, I am interested in the IT modernization Centers
of Excellence that GSA established in 2017, that Senators
Portman and Hassan worked to codify in 2020. The goal of the
centers is to connect private industry with government agencies
to achieve their IT modernization goals. Can you give us an
update on the progress that GSA is making with these Centers of
Excellence, and what resources do you think you need to make
them more effective or tweak them? How do we build on the
success?
Mr. Zvenyach. Great. Thank you. Thank you for that
question. We are very proud of the work that we have done with
the Centers of Excellence. We heard one example earlier with
the OPM.
Another example that I think is just a wonderful example is
with the work that we have done with the U.S. Department of
Agriculture. We had just an extraordinary partnership there. We
were able to increase approvals by almost 3.5 percent, save
tens of millions of dollars in annual cost avoidance by
eliminating 31 out of 37 data centers, by providing better
experience in terms of things like AskUSDA, really working to
improve both the data, the governance, and just the overall
user experience with the Department of Agriculture. Our
partnerships really with a number of agencies with the Centers
of Excellence have been something that we are really proud of
and something that we continue to invest in.
I think where we see opportunity for the Centers of
Excellence--and I think this is true across the board--is two
things. One, we know that we need partners on the other side,
who understand that these are complex challenges. As Mina said
earlier, it really does require leadership to create those
conditions for change. Obviously, in an emergency, everyone is
ready to jump to the fray and to make those conditions, but
unless there is another partner on the other side who is
willing to make the changes that they need to make it does not
really stick. The Centers of Excellence have done extraordinary
work with our partners, but we need to always make sure that we
have partners on the other side that have really clear
understanding of their challenges.
Maybe they do not have answers. In fact, usually it is
better if they do not have answers because sometimes they have
preconceived notions about what might work. But if we have a
clear understanding this is the problem that you are trying to
solve, then we can come to the table and help bring our
expertise and pair with their expertise to get it done.
The other thing that I will note is that one of the
perpetual challenges with this is that we bring in
extraordinary technologists. The last thing that we need to be
doing is to be worrying about how we are going to deal with
this interagency agreement and that interagency agreement and
funding things. As we said, nobody really cares about the color
of money. We just want to get to work and help people get these
problems solved.
I think that is the thing that we really need to figure out
is how do we make it easier for technologists to focus on the
challenges, to work across our agency boundaries because the
public does not care about these boundaries and neither do the
technologists. They just want to work together to solve these
important problems.
I think that is incumbent on leadership. It is incumbent on
our partnership with Congress. It is obviously important for
our relationship with OMB and beyond.
Senator Rosen. I could not agree more. You set me up
perfectly for my next question because I was going to talk
about the success of the Department of Agriculture that you
have really had there. How can other agencies use this USDA
model for IT modernization? Because what you have been talking
about is just phenomenal.
Mr. Zvenyach. It is a great example. What I should say is
that for every USDA there is another one. Right?
One of the great things about USDA is we had extraordinary
partnership and leadership over at the U.S. Department of
Agriculture. Gary Washington, the CIO there, was an
extraordinary leader. We had folks sort of all the way up and
down the chain who were excited about the mission and who
understood that this was not going to be easy. It was going to
require a commitment to users. It was going to require some
iterative development. Closing down 31 data centers does not
happen overnight.
Senator Rosen. Right.
Mr. Zvenyach. It takes sustained investment, and it
requires sustained attention and focus. I think that as we look
to other agency partners, what we need them to understand is
that when they show up we also expect this to be a long-term
partnership and something that they and we are not coming to
the table for a quick fix. This is not this thing that you say,
``OK, I have solved it. We have moved on.'' This is a long-term
investment because the work is not done until software works
for the public.
Senator Rosen. Thank you. I would like to briefly touch on
cybersecurity. You said two-thirds of the requests so far,
proposals out there, were for cybersecurity projects because we
absolutely need to make sure that cybersecurity is part of it.
There are multiple, always multiple, points of, I suppose,
interception from hackers that are out there. Maybe that is the
best way to put that. As we modernize these legacy IT systems,
we have to really be sure that we are protecting the taxpayers
who rely on government services.
Ms. Martorana, can you tell me what services your agencies
provide related to cybersecurity, and how do you ensure that
agency modernization plans pay sufficient attention to
sustaining cybersecurity? The sustainment. It is one thing to
go in first, but it is, as you said, iterative development. You
have to continue to do it over and over again.
Ms. Martorana. Yes, cybersecurity. There was a wonderful
hearing here last week with three Federal leaders: Mr. Inglis,
Ms. Easterly, and Mr. DeRusha. I do not think we could have a
better team of people focused on cybersecurity for the Federal
enterprise.
We focus in IT modernization through the cybersecurity
executive order that came out. We assigned 23 tasks to Federal
agencies related to cybersecurity.
One of the really collaborative ways that we are trying to
focus on this is through the guidance that we just issued on
zero trust. What we have recently undertaken is a public
comment, a period of public comment, on the zero trust strategy
that we put out, and we found we received over 100 comments in
the 2 weeks that this was available for the public, from
industry, from private citizens, and from Federal employees. We
got a great, diverse set of comments that are actually going to
make our strategy more actionable for Federal agencies. I think
that type of collaborative and open perspective on
cybersecurity is what is needed for us to keep our projects
safe and secure.
In the Technology Modernization Fund, as I mentioned, the
75 percent, we are doing something that is a best practice in
the Federal Government and in the private sector, which is we
are picking projects that not only have the greatest chance of
success but that we can also build playbooks off of, so that we
can repeat--every agency is trying to get to a basic level of
zero trust, which basically means not trusting any traffic
inside your network, constantly validating to make sure that
you are not just securing the perimeter, but you are making
sure that you are watching every transaction that happens
within the network.
By trying to get us to that base level of zero trust, we
are applying that to every IT modernization project that we
undertake. Things have to be secure by design. Security is not
an afterthought.
Senator Rosen. Right.
Ms. Martorana. Security cannot be something you bolt on or
it is someone else's responsibility. It is a core part of the
way that we do software development, that we build projects,
and that we will approve plans that come before the TMF board.
Senator Rosen. Thank you for that. I agree. I am very happy
to hear about the public comment because if you do not ask
people on the ground what they need--the goal of writing good
software is to give people what they actually need, not what
someone thinks they need. I think that is a great way to go.
Madam Chair.
Senator Hassan. Thank you very much, Senator Rosen.
I am going to turn now to Senator Ossoff, who is joining us
virtually.
OPENING STATEMENT OF SENATOR OSSOFF
Senator Ossoff. Thank you, Madam Chair. Thank you to our
panel.
Reflecting on the performance of the rental assistance
program that Congress passed in the American Rescue Plan Act,
to help families stay in their homes during the pandemic, and
how that rental assistance then was meant to be distributed via
a patchwork of counties, municipalities, and State governments,
the complexity of execution left many local governments unable
to rapidly scale the technical infrastructure necessary to
solicit and receive applications, to process them, and to
deploy funds. It defies reason, in my opinion, that we would
ask thousands of jurisdictions around the country to replicate
the production of new technical infrastructure where, clearly,
they do not have the capacity, and the need was urgent.
My question for you to begin with, Ms. Martorana, is: Could
you reflect on how we might be able to centralize much of that
activity so that we can scale an effort like that swiftly and
improve ease of use for the customer, in this case, a tenant or
a landlord seeking to access rental assistance and to make it
easier for local government partners to stand up new programs
like this in emergencies?
Ms. Martorana. Thank you very much for that question. In my
opening testimony, I focused on designing with users, not for
users. One of the most critical parts of designing software
products and services is making sure you understand the problem
you are trying to solve. it is absolutely critical that we do
this most foundational step in every single leg of service
delivery, whether it is starting at the Federal level and then
being dispensed to States and then local--municipal and local
governments. That is a key focus of all of ours related to
service delivery.
Senator Ossoff. Thank you, Ms. Martorana, and that is an
admirable principle, and I am sure that one, when applied,
results in better outcomes. But let us think a bit more here.
What is your reaction to the idea that when we, Congress
creates such a program and seeks to rapidly deploy, for
example, rental assistance resources across the country, we
would make an API or a piece of software or a ready-to-use
commercial solution available to those States or counties. Or,
move in the opposite direction, from downstream to upstream, by
allowing those counties to plug into a Federal system.
Designing with users, that is a great principle, but can
you please comment on this specific case and how the Congress
could have better designed this program and how we can work
with executive agencies to make it easier to rapidly deploy
resources, to integrate with State and local governments, on a
project such as the rental assistance program.
Ms. Martorana. Yes. I do not have as much detailed
information on the rental assistance program specifically, but
I think I can really touch on the point that you are trying to
make about us using modern technology solutions to deliver
better services to the public. Application programming
interfaces, APIs are something that can be developed from
legacy systems. You do not need to have a totally modern tech
stack in order to use some of these more modern, best practice,
development capabilities. They would deliver better services
downstream to State and local governments.
But I think that you are onto something that is a very
important part of how we are thinking across the Federal
Government, and possibly my colleagues might be able to jump in
on this as well because that is a method that is tried and
true. We used APIs off of legacy systems at the Department of
Veterans Affairs (VA) in order to give veterans, caregivers,
and their families the services that they deserved. This is a
process that is possible. It is utilized every single day
across government and in the private sector. I just cannot
speak specifically to the rental assistance use case.
Senator Ossoff. Thank you, Ms. Martorana. I would welcome
and invite your colleagues to weigh in, maybe sequentially down
the table, on this point. What I am asking you to do is to help
the Committee envision the design of systems, technology, and
implementation for a case such as the one that I raised and
that we are discussing.
Senator Hassan. Why don't we start with Mr. Zvenyach and
then go to Ms. Hsiang.
Mr. Zvenyach. Great. Thank you. I think a couple of things
to note. The first is that sort of, as Mina said in her
testimony and it is similar to what Clare is describing, I
think one of the challenges that we confront with something
like the program you are describing is that the public does not
care about our organizational boundaries. They do not care that
I am part of GSA and Clare is part of OMB and that the
Department of Housing and Urban Development (HUD) is HUD. They
just do not care. They do not care that a county is part of a
State or that the State is unrelated to the Federal Government.
They just want the program to work.
But our technology systems are built around the funding
flows that go from agency to agency, or agency to county, or
agency to State. What we need to do is we need to find a way to
connect the technologists to each other without having it be
totally dependent on saying, OK, I am optimizing for my agency,
I am optimizing for my thing, and instead, start to have better
conversations about how we can collaborate across those
boundaries.
That is, frankly, the shift that we need to make as a
government is that we have to stop centering around our org
chart, stop centering around how we organize ourselves, and
start organizing around how we can best deliver for the public
because the public does not care about our org chart. They care
about their service delivery. What we have to be doing is to
reorganize our work and reorienting our efforts in order to
best service, to deliver.
To specifically answer the question, the thing that we
would need to do is to be able to work with Congress when you
are enacting legislation to understand the program design and
make sure that we are aligning the money flows and also
aligning the technologists that are going to be working on this
at the same time that you are putting the policy in place
because the policy and technology cannot be sequential. It
cannot be that you pass a law and then the technology comes in
far afterward because if the technology cannot implement the
policy then it will not work. When Congress passes a law, if
the technology does not implement it, it is not a successful
program. We have to be able to work with Congress in order to
make sure that the systems do what Congress wants it to do.
Senator Hassan. Thank you.
Senator Ossoff. Thank you.
Ms. Hsiang.
Ms. Hsiang. Thank you, Senator Ossoff. I agree with the
statements of my colleagues here and would just add that
developing technology to support a specific outcome or to
support a specific program is an inherently iterative process.
We need to identify what the specific outcomes we are targeting
are and then run sort of an iterative process to identify the
right approaches that take into account the systems that are
currently in place, that take into account the capabilities of
players at various levels, and that take into account the
realities of State and local government, intermediaries,
grantees, and the public who is looking to interact with those
systems and how they plan and want to engage and their capacity
for doing so.
To sort of agree with what Clare said, I think it is very
important to focus on what the outcomes are for our specific
users. In this case, there are two different sets of users,
State and local grantees, and also the public.
Then I think as Dave notes, it is important for us to be
part of that iterative process. By ``us,'' I do not necessarily
mean us USDS, but I mean technologists.
If you are looking to design--if you, the Hill, if you,
Congress, are looking to develop legislation with a specific
outcome objective that can be enabled by technology, the best
way to ensure that you achieve the outcomes that you are
looking for is to engage technologists in an iterative process
and along the way, as you are developing that legislation, to
ensure that the program design is possible to be executed with
technology at the various levels.
Senator Ossoff. Great insight. Thank you.
Thank you, Madam Chair. I yield back.
Senator Hassan. Thank you.
Senator Hawley.
OPENING STATEMENT OF SENATOR HAWLEY
Senator Hawley. Thank you, Madam Chair. Thanks to the
witnesses for being there.
Ms. Martorana, can I start with you. You write in your
testimony that no two agencies are the same and the different
agencies are in different points when it comes to IT
modernization. I would be curious that what in your view are
the specific agencies that right now have the greatest
modernization needs?
Ms. Martorana. Sorry about that.
Senator Hawley. That is OK. It is hard to see the red
light.
Ms. Martorana. Thank you for the question. I do not know
that I could answer that specifically. I work with CIOs every
single day, and we work on numerous projects related to their
portfolios. Some have some cybersecurity challenges that they
are focused on, but I do not think wholesale that it would be
easy for me to point out a specific agency.
Senator Hawley. Let me flag one for you. In a previous
hearing on this same topic, we learned that the Treasury
Department's age--the system that the Treasury uses to hold
taxpayer information, is 51 years old, if I have my facts
right. In addition to that, we have asked a lot of this system
over the past year to distribute pandemic aid in an
unprecedented manner. Let me ask you, to what extent is
Treasury's IT modernization a priority for the administration?
Ms. Martorana. It is a large priority. I was actually on
the phone with the CIO several days ago, working on this very
matter. One of the things that I said in my opening testimony
is while it is easy for us to think about technology, legacy
technology, from an age perspective, we try to focus on it from
a risk perspective. Can something meet the policy needs that
are being written, and can we actually deliver for users? Can
we patch the system should there be a security issue?
Not all legacy systems are--all of them, if we had a magic
wand, I would want us to have the most modern technology across
government wholesale, full stop. But we have to prioritize with
the dollars that are allocated to each agency, to prioritize
the systems that are at greatest risk, might not be able to be
patched, have availability issues where they might go down.
In working with the CIO of Treasury, those are the
conversations that we are trying to have to make sure their
high-value assets are prioritized the right way for the right
investment and to accelerate their IT modernization journey.
Senator Hawley. Very good. Just on this same point, do you
have a sense of what reasons Treasury and the IRS have given
for why modernization activities have been delayed in the past,
in other words, why we are where we are?
Ms. Martorana. I think some of the complexity is some of
the policy initiatives that we undertake as a Federal
Government that requires us to reprogram some of our systems.
Some of those foundational items at Treasury went through
reprogramming for the Affordable Care Act (ACA). Then they went
through, just recently, reprogramming for PPP or for COVID--
other COVID relief, ARP relief. Some of those systems we are
prioritizing operational need versus long-term modernization
opportunities.
A lot of these are not only intricately designed within the
agency itself. Some of them deliver services to other agencies.
Making sure that you can sequence your modernization projects,
do them in bite-size chunks, so that you are not trying to boil
the ocean at one time, are all part of the complexities that
CIOs deal with on a daily basis and on an annual planning
basis.
Senator Hawley. Very good. That is helpful. That is really
helpful.
Let me ask you about a GAO report issued in June 2019 to 8
different Federal agencies with legacy systems. The report had
recommendations that identified and documented modernization
plans for their systems, but as of earlier this year, if I am
not mistaken, seven of those eight had not yet implemented the
GAO's recommendations going on over 2 years now. I just want to
ask if the implementation of these findings is a priority for
you and the administration and what you are doing to ensure
that those recommendations get implemented.
Ms. Martorana. Yes, IT modernization plans are our
priority. I have been working with GAO closely to understand
the baselining of their reporting and what we need to do to
partner together to support those agencies on their journey.
Senator Hawley. Very good. Thanks so much for being here.
Thank you, Madam Chair.
Senator Hassan. Thank you very much, Senator Hawley.
I appreciate the testimony of the witnesses so much. I
appreciate your work and your service.
We are in the middle of a vote. I do have a couple of more
questions, and I will ask you to be relatively brief in your
responses, and then we will wrap up the hearing so I can go
vote.
Ms. Martorana, I wanted to follow up with you. We talked
about how making sure there is flexibility for repayment for
the Technology Modernization Fund is important, but in addition
to expanding access to the TMF it is important that Congress
authorize agencies to transfer money into working capital
funds. The Modernizing Government Technology Act, which was
passed in 2017, authorized agencies to establish IT working
capital funds to provide a flexible source of funding for long-
term IT projects from within the agency.
However, the Modernizing Government Technology Act did not
include authority for agencies to move money into these
accounts, which leaves these critical funding mechanisms
unavailable to most agencies. In fact, only the Small Business
Administration has received authority to transfer money to its
IT working capital fund in order to pay for ongoing IT
modernization projects.
How is the Office of Management and Budget working with
agencies that are seeking the transfer authority to ensure that
congressional authorizers and appropriators will support these
requests?
Ms. Martorana. Thank you for that question. We are
supportive of legislative fixes that would help agencies use
these innovative funding models, including working capital
funds. It is really essential. As we noted earlier, 1-year
money or having real restrictions on the funding that is being
provided to agencies, to move out on these multi-year projects,
is really challenging.
Senator Hassan. Yes.
Ms. Martorana. We are working closely with our CIO
colleagues and across OMB on utilizing it. But there might be
the need for some legislative fixes, and I really look forward
to working with you and the Committee on those.
Senator Hassan. We would really look forward to all of you,
as you identify this type of issue, really letting us know
about them as soon as possible so we can work to make sure that
the agencies have the kind of authorities that they need.
Because we are running up on a vote, I am going to ask one
wrap-up question. I am going to ask each of you to respond to
it, and I am going to be a little unfair here and ask each of
you to try to keep your response to about a minute.
At our April hearing, I concluded by asking each witness
what in their opinion is the greatest challenge presented by
the use of legacy IT systems. Today, our conversation is
focused on solutions for modernizing legacy IT. As we conclude,
I would like each of you to describe what in your view is the
most important thing agencies should be doing to modernize
their outdated and obsolete IT systems. We will start with Mr.
Zvenyach. Then we will go to Ms. Martorana, and then we will go
to Ms. Hsiang.
Mr. Zvenyach. I think the first thing that agencies should
do is not try to go it alone. If agencies try to do this by
themselves, if they try to focus on their particular solutions
in their own way, they are going to find themselves in a much
harder place.
If we work as a team, if we work across our agency
boundaries, we reuse the things that are available, we use the
playbooks that are created, we use the shared services that we
have and invest in those shared services, we focus on our
users, we work in iterative ways, we do not let the things that
have historically left us in a position of saying ``This is how
we have always done it'' and instead say ``This is what is
actually important for the public,'' then we are going to be in
a better position to actually modernize these systems.
Senator Hassan. Thank you.
Ms. Martorana.
Ms. Martorana. Yes, I would say continuing to move out on
the planning journey. I think, to Dave's really good point, not
going it alone. While our agency missions are completely
unique, we are dealing with many of the same problems at every
single agency.
What we try and do through the CIO Council is work on
collaboration, sharing information very openly, making sure
that we understand what problem someone is trying to solve. We
share everything from wholesale planning and financial data to
playbooks, as Dave mentioned, and configuration settings for
software, to be able to move out faster. We are working on a
project through the CIO Council of connecting agencies,
calendaring functionality so we can schedule meetings more
easily. While they seem like simple things, spinning up those
kinds of collaborative activities I think is going to be
absolutely key to us continuing this modernization journey.
Senator Hassan. Thank you so much.
Ms. Hsiang.
Ms. Hsiang. Thank you. I would say that for agencies to
make the most progress on their modernization journey there are
a few key components. First, to recognize that it is a journey
and the best approach is to take it in chunks. Everything is
lower risk. This is what we have seen work across industry.
Doing it piece by piece is critical, and not trying to do any
big bang or blanket modernization, but instead to think about
it as a stepwise process and journey that you are embarking on.
Second would be to think about the personnel and engage in
some new approaches for hiring to ensure that you have the
right personnel for the expertise that is required at every
step of this journey. There are many different competencies
that are required. Director Easterly said it well; we need to
help agencies move to competency-based hiring. I think that
that will help support modernization--them on their
modernization journeys as well. There are some key things that
they can do that we are happy to share.
Finally, I would encourage them to focus in thinking about
the right approaches for procurements to support that
modernization. The right approaches are some of the things that
Dave has spoken about, that Clare has spoken about. They need
the types of flexible and iterative procurements that support
the modernization that they are looking to accomplish and to
support that stepwise and iterative approach they are looking
to take.
Senator Hassan. Thank you so much. I want to thank all
three of your for your time, for your testimony this afternoon.
Thank you for really valuable insights on this topic and your
contributions to improving Federal IT systems in a fiscally
responsible way.
I want to thank you for your service to our country. It is
really important, and you have really shone an important light
this afternoon on the progress we have made and the progress we
can continue to make.
I look forward to continuing to work with this
administration on encouraging use of existing IT modernization
tools and resources to secure IT systems and deliver government
services more effectively, as well as to coordinate on ways
that Congress can fill the gaps to achieve the ultimate goal of
saving taxpayer dollars and improving service to our taxpayers,
too.
The hearing record will remain open for 15 days, until 5
p.m. on October 13th, for submissions of statements and
questions for the record.
This hearing is now adjourned.
[Whereupon, at 3:46 p.m., the Subcommittee was adjourned.]
A P P E N D I X
----------
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
[all]