[Congressional Record Volume 162, Number 144 (Thursday, September 22, 2016)]
[House]
[Pages H5830-H5833]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
MODERNIZING GOVERNMENT TECHNOLOGY ACT OF 2016
Mr. HURD of Texas. Mr. Speaker, I move to suspend the rules and pass
the bill (H.R. 6004) to modernize Government information technology,
and for other purposes, as amended.
The Clerk read the title of the bill.
The text of the bill is as follows:
H.R. 6004
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Modernizing Government
Technology Act of 2016'' or the ``MGT Act''.
SEC. 2. FINDINGS; PURPOSES.
(a) Findings.--The Congress finds the following:
(1) The Federal Government spends nearly 75 percent of its
annual information technology funding on operating and
maintaining existing, legacy information technology systems.
These systems can pose operational risks, including rising
costs and inability to meet mission requirements. These
systems also pose security risks, including the inability to
use current security best practices, such as data encryption
and multi-factor authentication, making these systems
particularly vulnerable to malicious cyber activity.
(2) In 2015, the Government Accountability Office (GAO)
designated Improving the Management of IT Acquisitions and
Operations to its biannual High Risk List and identified as a
particular concern the increasing level of information
technology spending on Operations and Maintenance making less
funding available for development or modernization. The GAO
also found the Government has spent billions on failed and
poorly performing IT investments due to a lack of effective
oversight.
(3) The Federal Government must modernize Federal IT
systems to mitigate existing operational and security risks.
(4) The efficiencies, cost savings, and greater computing
power, offered by modernized solutions, such as cloud
computing, have the potential to--
(A) eliminate inappropriate duplication and reduce costs;
(B) address the critical need for cyber security by design;
and
(C) move the Federal Government into a broad, digital-
services delivery model that will transform the Federal
Government's ability to meet mission requirements and deliver
services to the American people.
(b) Purposes.--The purposes of this Act are the following:
(1) Assist the Federal Government in modernized Federal
information technology to mitigate current operational and
security risks.
(2) Incentivize cost savings in Federal information
technology through modernization.
(3) Accelerate the acquisition and deployment of modernized
information technology solutions, such as cloud computing, by
addressing impediments in the areas of funding, development,
and acquisition practices.
SEC. 3. ESTABLISHMENT OF AGENCY INFORMATION TECHNOLOGY
SYSTEMS MODERNIZATION AND WORKING CAPITAL
FUNDS.
(a) Information Technology System Modernization and Working
Capital Funds.--
(1) Establishment.--There is established in each covered
agency an information technology system modernization and
working capital fund (in this section referred to as the ``IT
working capital fund'') for necessary expenses for the agency
described in paragraph (3).
(2) Source of funds.--Amounts may be deposited into an IT
working capital fund as follows:
(A) Reprogramming of funds, including reprogramming of any
funds available on the date of the enactment of this Act for
the operation and maintenance of legacy information
technology systems, in compliance with any applicable
reprogramming law or guidelines of the Committees on
Appropriations of the House of Representatives and the
Senate.
(B) Transfer of funds, including transfer of any funds
available on the date of the enactment of this Act for the
operation and maintenance of legacy information technology
systems, but only if transfer authority is specifically
provided for by law.
(C) Amounts made available through discretionary
appropriations.
(3) Use of funds.--An IT working capital fund established
under paragraph (1) may be used, subject to the availability
of appropriations, only for the following:
(A) To improve, retire, or replace existing information
technology systems to improve efficiency and effectiveness.
(B) To transition to cloud computing and innovative
platforms and technologies.
(C) To assist and support covered agency efforts to provide
adequate, risk-based, and cost-effective information
technology capabilities that address evolving threats to
information security.
(D) Reimbursement of funds transferred from the Information
Technology Modernization Fund established under section 4,
with the approval of the agency Chief Information Officer.
(4) Existing funds.--An IT working capital fund may not be
used to supplant funds provided for the operation and
maintenance of any system already within an appropriation for
the covered agency at the time of establishment of the IT
working capital fund.
(5) Reprogramming and transfer of funds.--The head of each
covered agency shall prioritize funds within the IT working
capital fund to be used initially for cost savings activities
approved by the covered agency Chief Information Officer, in
consultation with the Administrator of the Office of
Electronic Government. The head of each covered agency may--
(A) reprogram any amounts saved as a direct result of such
activities for deposit into the applicable IT working capital
fund, consistent with paragraph (2)(A); and
(B) transfer any amounts saved as a direct result of such
activities for deposit into the applicable IT working capital
fund, consistent with paragraph (2)(B).
(6) Return of funds.--Any funds deposited into an IT
working capital fund shall be available for obligation for 3
years after the date of such deposit.
(7) Agency cio responsibilities.--In evaluating projects to
be funded from the IT working capital fund, the covered
agency Chief Information Officer shall consider, to the
extent applicable, guidance established pursuant to section
4(a)(1) to evaluate applications for funding from the
Information Technology Modernization Fund that include
factors such as a strong business case, technical design,
procurement strategy (including adequate use of incremental
software development practices), and program management.
(b) Reporting Requirement.--
(1) In general.--Not later than one year after the date of
the enactment of this Act, and every 6 months thereafter, the
head of each covered agency shall submit to the Director the
following, with respect to the IT working capital fund for
that covered agency:
(A) A list of each information technology investment funded
with estimated cost and completion date for each such
investment.
(B) A summary by fiscal year of the obligations,
expenditures, and unused balances.
(2) Public availability.--The Director shall make the
information required pursuant to paragraph (1) publicly
available on a website.
(c) Covered Agency Defined.--In this section, the term
``covered agency'' means each agency listed in section 901(b)
of title 31, United States Code.
SEC. 4. ESTABLISHMENT OF INFORMATION TECHNOLOGY MODERNIZATION
FUND AND BOARD.
(a) Information Technology Modernization Fund.--
(1) Establishment.--There is established in the Treasury an
Information Technology Modernization Fund (in this section
referred to as the ``Fund'') for technology related
activities, to improve information technology, to enhance
cybersecurity across the Federal Government, and to be
administered in accordance with guidance established by the
Director of the Office of Management of Budget.
(2) Administration of fund.--The Administrator of General
Services, in consultation with the Chief Information Officers
Council and with the concurrence of the Director, shall
administer the Fund in accordance with this subsection.
(3) Use of funds.--The Administrator of General Services
shall, in accordance with the recommendations of the
Information Technology Modernization Board established under
subsection (b), use amounts in the Fund for the following
purposes:
(A) To transfer such amounts, to remain available until
expended, to the head of an agency to improve, retire, or
replace existing information technology systems to enhance
cybersecurity and improve efficiency and effectiveness.
(B) For the development, operation, and procurement of
information technology products, services, and acquisition
vehicles for use by agencies to improve Governmentwide
efficiency and cybersecurity in accordance with the
requirements of the agencies.
[[Page H5831]]
(C) To provide services or work performed in support of the
activities described under subparagraph (A) or (B).
(4) Credits; availability of funds.--
(A) Credits.--In addition to any funds otherwise
appropriated, the Fund shall be credited with all
reimbursements, advances, or refunds or recoveries relating
to information technology or services provided through the
Fund.
(B) Availability of funds.--Amounts deposited, credited, or
otherwise made available to the Fund shall be available, as
provided in appropriations Acts, until expended for the
purposes described in paragraph (3).
(5) Reimbursement.--
(A) Payment by agency.--For a product or service developed
under paragraph (3), the head of an agency that uses such
product or service shall pay an amount fixed by the
Administrator of General Services in accordance with this
subsection.
(B) Reimbursement by agency.--The head of an agency shall
reimburse the Fund for any transfer made under paragraph
(3)(A) in accordance with the terms established in the
written agreement described in paragraph (6). Notwithstanding
any other provision of law, an agency may make a
reimbursement required by this subparagraph from any
appropriation available for information technology
activities. An obligation to make a payment under an
agreement described in paragraph (6) in a future fiscal year
shall be recorded pursuant to section 1501 of title 31,
United States Code, in the fiscal year in which the payment
is due.
(C) Prices fixed by administrator of general services.--The
Administrator of General Services, in consultation with the
Director, shall establish amounts to be paid by an agency and
terms of repayment for use of a product or service developed
under paragraph (3) at levels sufficient to ensure the
solvency of the Fund, including operating expenses. Before
making any changes to the established amounts and terms of
repayment, the Administrator of General Services shall
conduct a review and obtain approval from the Director.
(D) Failure to make timely reimbursement.--The
Administrator of General Services may obtain reimbursement by
the issuance of transfer and counterwarrants, or other lawful
transfer documents, supported by itemized bills, if payment
is not made by an agency--
(i) within 90 days after the expiration of a repayment
period described in the written agreement described in
paragraph (6)(A); or
(ii) within 45 days after the expiration of the time period
to make a payment under a payment schedule for a product or
service developed under paragraph (3).
(6) Written agreement.--
(A) In general.--Before the transfer of funds to an agency
under paragraph (3)(A), the Administrator of General Services
(in consultation with the Director) and the head of the
requisitioning agency shall enter into a written agreement
documenting the purpose for which the funds will be used and
the terms of repayment. An agreement made pursuant to this
subparagraph shall be recorded as an obligation as provided
in paragraph (5)(B).
(B) Requirement for use of incremental development
practices.--For any funds transferred to an agency under
paragraph (3)(A), in the absence of compelling circumstances
documented by the Administrator of General Services at the
time of transfer, such funds shall be transferred only on an
incremental basis, tied to metric-based development
milestones achieved by the agency, to be described in the
written agreement required pursuant to subparagraph (A).
(7) Reporting requirement.--Not later than 6 months after
the date of the enactment of this Act, the Director shall
publish and maintain a list of each project funded by the
Fund on a public website to be updated not less than
quarterly, that includes a description of the project,
project status (including any schedule delay and cost
overruns), and financial expenditure data related to the
project.
(b) Information Technology Modernization Board.--
(1) Establishment.--There is established an Information
Technology Modernization Board (in this section referred to
as the ``Board'') which shall evaluate proposals submitted by
agencies for funding authorized under the Fund.
(2) Responsibilities.--The responsibilities of the Board
are the following:
(A) Provide input to the Director for the development of
processes for agencies to submit modernization proposals to
the Board and to establish the criteria by which such
proposals are evaluated, which shall include addressing the
greatest security and operational risks, having the greatest
Governmentwide impact, and having a high probability of
success based on factors such as a strong business case,
technical design, procurement strategy (including adequate
use of incremental software development practices), and
program management.
(B) Make recommendations to the Administrator of General
Services to assist agencies in the further development and
refinement of select submitted modernization proposals, based
on an initial evaluation performed with the assistance of the
Administrator of General Services.
(C) review and prioritize, with the assistance of the
Administrator of General Services and the Director,
modernization proposals based on criteria established
pursuant to subparagraph (A).
(D) Identify, with the assistance of the Administrator of
General Services, opportunities to improve or replace
multiple information technology systems with a smaller number
of information technology systems common to multiple
agencies.
(E) Recommend the funding of modernization projects, in
accordance with the uses described in subsection (a)(3), to
the Administrator of General Services.
(F) Monitor, in consultation with the Administrator of
General Services, progress and performance in executing
approved projects and, if necessary, recommend the suspension
or termination of funding for projects based on factors such
as failure to meet the terms of the written agreement
described in subsection (a)(6).
(G) Monitor operating costs of the Fund.
(3) Membership.--The Board shall consist of 8 voting
members.
(4) Chair.--The Chair of the Board shall be the
Administrator of the Office of Electronic Government.
(5) Permanent members.--The permanent members of the Board
shall be the following:
(A) The Administrator of the Office of Electronic
Government.
(B) A senior official from the General Services
Administration, who shall be appointed by the Administrator
of General Services.
(6) Additional members of the board.--
(A) Appointment.--The other members of the Board shall be
appointed as follows:
(i) One employee of the National Institute of Standards and
Technology of the Department of Commerce, appointed by the
Secretary of Commerce.
(ii) One employee of the National Protection and Programs
Directorate of the Department of Homeland Security, appointed
by the Secretary of Homeland Security.
(iii) One employee of the Department of Defense, appointed
by the Secretary of Defense.
(iv) Three Federal employees primarily having technical
expertise in information technology development, financial
management, cybersecurity and privacy, and acquisition,
appointed by the Director.
(B) Term.--Each member of the Board described in paragraph
(A) shall serve a term of one year, which shall be renewable
up to three times, at the discretion of the appointing
Secretary or Director, as applicable.
(7) Prohibition on compensation.--Members of the Board may
not receive additional pay, allowances, or benefits by reason
of their service on the Board.
(8) Staff.--Upon request of the Chair of the Board, the
Director and the Administrator of General Services may
detail, on a nonreimbursable basis, any of the personnel of
the Office of Management and Budget or the General Services
Administration (as the case may be) to the Board to assist it
in carrying out its functions under this Act.
(c) Responsibilities of the Administrator of General
Services.--
(1) In general.--In addition to the responsibilities
described in subsection (a), the Administrator of General
Services shall support the activities of the Board and
provide technical support to, and, with the concurrence of
the Director, oversight of, agencies that receive transfers
from the Fund.
(2) Responsibilities.--The responsibilities of the
Administrator of General Services are to--
(A) provide direct technical support in the form of
personnel services or otherwise to agencies transferred
amounts under subsection (a)(3)(A) and for products,
services, and acquisition vehicles funded under subsection
(a)(3)(B);
(B) assist the Board with the evaluation, prioritization,
and development of agency modernization proposals;
(C) perform regular project oversight and monitoring of
approved agency modernization projects, in consultation with
the Board and the Director, to increase the likelihood of
successful implementation and reduce waste; and
(D) provide the Director with information necessary to meet
the requirements of subsection (a)(7).
(d) Agency Defined.--In this section, the term ``agency''
has the meaning given that term in section 551 of title 5,
United States Code.
SEC. 5. DEFINITIONS.
In this Act:
(1) Cloud computing.--The term ``cloud computing'' has the
meaning given that term by the National Institute of
Standards and Technology in NIST Special Publication 800-145
and any amendatory or superseding document thereto.
(2) Director.--The term ``Director'' means the Director of
the Office of Management and Budget.
(3) Information technology.--The term ``information
technology'' has the meaning given that term in section 3502
of title 44, United States Code.
(4) Legacy information technology system.--The term
``legacy information technology system'' means an outdated or
obsolete system of information technology.
The SPEAKER pro tempore. Pursuant to the rule, the gentleman from
Texas (Mr. Hurd) and the gentleman from Virginia (Mr. Connolly) each
will control 20 minutes.
The Chair recognizes the gentleman from Texas.
[[Page H5832]]
General Leave
Mr. HURD of Texas. Mr. Speaker, I ask unanimous consent that all
Members may have 5 legislative days in which to revise and extend their
remarks and include extraneous material on the bill under
consideration.
The SPEAKER pro tempore. Is there objection to the request of the
gentleman from Texas?
There was no objection.
Mr. HURD of Texas. Mr. Speaker, I yield myself such time as I may
consume.
Mr. Speaker, I rise today in support of my bill, H.R. 6004, the
Modernizing Government Technology Act of 2016. At the beginning of this
month, we released an extensive report detailing how the Office of
Personnel Management allowed the sensitive and personal information of
over 22 million Americans to be stolen, thereby jeopardizing our
national security for more than a generation of people.
The yearlong investigation produced many findings, including the
identification of a pressing need for Federal agencies to modernize
legacy IT in order to mitigate the cybersecurity threat inherent in
unsupported end-of-life IT systems and application. We had too many old
things on our network. In other words, a reliance on legacy IT can
result in security vulnerabilities where old software or operating
systems are no longer supported by vendors, and aging IT infrastructure
becomes difficult and expensive to secure.
We saw this firsthand with the OPM data breach where sensitive
information was stored on technology so old it was difficult, and in
some cases impossible, to implement security best practices like data
encryption.
OPM is not alone. It is common throughout the Federal Government for
agencies to struggle with legacy IT. For example, the Department of
Labor had to buy spare parts on eBay because they were no longer
available from the original vendor. Consider another example that our
committee learned about during a hearing that highlighted a GAO report
on legacy IT.
We learned DOD's Strategic Automated Command and Control System is 50
years ago old and runs on a 1970s IBM Series One computer that uses an
8-inch floppy disk. By comparison, it would take 3.2 million floppy
disks to equal the memory of one flash drive.
Numerous other agencies still use Windows 3.0, which was last
supported by the vendor in 2001; Windows NT, which last supported in
2004; and Windows 95, which was last supported by the vendor in 2001.
The recently issued OPM report demonstrates the security risk of such
legacy IT and recommends Congress consider new tools to incentivize the
transition from legacy to modernized IT solutions across the Federal
Government.
I am happy to say this bipartisan bill follows up on that
recommendation. The MGT Act builds on bills introduced by myself and
Minority Whip Steny Hoyer and ideas from Federal CIO Tony Scott based
on his experience in the private sector.
Mr. Speaker, the MGT Act is a key first step in beginning to
modernize the Federal Government's outdated and insecure IT
infrastructure. I urge my colleagues to support H.R. 6004.
I would like to thank a number of folks that worked hard for the past
few months to bring the best ideas forward in this one bill. I want to
thank Chairman Chaffetz and Ranking Member Cummings for their
leadership on this issue. I want to thank my colleague, Mr. Connolly,
who was the lead Democratic cosponsor.
As I said before, key portions of Mr. Hoyer's bill on the ITMF
legislation were included into the MGT Act. Of course, I would like to
thank my dear friend and ranking member of my subcommittee, Ms. Robin
Kelly of Illinois, along with Mr. Ted Lieu of California, and
especially Majority Leader Kevin McCarthy. His Innovation Initiative is
a key reason that we are able to talk about this significant piece of
legislation today.
Again, I would like to urge my colleagues to support H.R. 6004.
Mr. Speaker, I reserve the balance of my time.
Mr. CONNOLLY. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, I rise in support of H.R. 6004, the Modernizing
Government Technology Act of 2016.
Let me also thank my good friend and coauthor of this bill, Mr. Hurd
of Texas, for his leadership in shepherding this bill through our
committee and now on to the floor. Sometimes, deservedly, Congress gets
dinged on for not being able to get anything done. But the fact of the
matter is that, below the surface, lots of things can and do get done
with leadership, collaboration, and partnership. Mr. Hurd of Texas
epitomizes that, and my hat is off to him for his contribution on this
whole front of IT modernization and helping to bring the Federal
Government into the 21st century when it comes to the use of
technology.
Every day Federal agencies endure cyber attacks that have the
potential to cause incalculable damage to national security and the
privacy of all Americans. While the Federal Government does its best to
protect our critical computer networks, our efforts are often stymied
by the outdated legacy information technologies in Federal agencies.
Agencies spend nearly 75 percent of their IT budgets simply trying to
maintain these outdated systems. Let me repeat that: in an $82 billion
program for IT acquisition procurement and management, 75 percent of
that budget is not spent in updating the Federal Government in cutting-
edge technologies. It is spent maintaining what we have got, and in
some cases, those legacy systems go back 40 and 50 years.
I am proud to lead the Modernizing Government Technology Act of 2016
with Mr. Hurd of Texas to help our cyber defenders protect our most
important digital resources. When you are dealing with outmoded
technology, legacy systems oftentimes can't be protected. They can't be
encrypted, and that makes them terribly vulnerable--low hanging fruit
to those who would do harm to our country and would compromise the data
of millions of Americans.
This bill in front of us marries the IT Modernization Act and the
MOVE IT Act by establishing a clear role for both of these pieces of
legislation in this improvement process for Federal IT systems.
The MGT Act lays the foundation for the future of IT modernization
funding in the Federal Government. This bipartisan legislation will
provide a mechanism for agencies to get ahead of the curve and help
reduce the fiscal challenges facing every agency chief information
officer, or CIO. The MGT Act will authorize a significant upfront
investment to retire those vulnerable large-scale legacy systems
affecting multiple agencies.
Under the guidance of an Information Technology Modernization Board,
agencies will be able now to request funds to facilitate those
modernization efforts--something that would absolutely be the practice
in the private sector, as I know my friend, Mr. Hurd of Texas, knows.
If approved, those funds will be repaid through savings realized by the
implementation of the more modern IT systems. The bill places an
emphasis on following the practice of private industry and moving
toward cloud computing solutions.
The MGT Act will allow agencies to invest savings generated through
the Federal Information Technology Acquisition Reform Act, or FITARA
for short, and other reforms to make investments in cloud transition.
I was delighted to be a coauthor of the FITARA Act along with Darrell
Issa of California.
The MGT Act will establish working capital funds that will allow
those agencies to use savings from new, secure systems and to reinvest
in themselves, including in the movement toward the cloud. This creates
incentives for agencies to find those savings and reinvest internally
in themselves, creating a virtuous cycle.
The Modernizing Government Technology Act is supported by industry
experts and incorporates the same sort of mechanisms the private sector
often uses to secure its networks.
It is important for agencies to know that Congress not only expects
agencies to implement robust, modern cyber safeguards, but that it is
here to help them confront these challenges. This reform has the
potential to significantly speed up the Federal Government's move to
the 21st century technologies.
Mr. Speaker, I reserve the balance of my time.
[[Page H5833]]
Mr. HURD of Texas. Mr. Speaker, I yield myself such time as I may
consume.
As the distinguished gentleman from Virginia (Mr. Connolly), my
friend, pointed out, the GAO has identified that millions of taxpayer
dollars can be saved through consolidating data centers and modernizing
IT systems.
{time} 1415
To date, agencies have closed over 3,000 data centers out of over
10,000, resulting in a savings of $2.8 billion.
This bill authorizes agency-level working capital funds, as well as a
centralized IT modernization fund within Treasury and overseen by OMB.
These funds will accelerate our transition to modernize IT systems and
will save American taxpayers millions of dollars. In other words,
welcome to the 21st century, Federal Government. It is about time you
got here.
The Modernizing Government Technology Act does not appropriate any
new money, but, instead, builds on the successes of FITARA, which Mr.
Connolly was instrumental in making happen. It also invests savings in
retiring these data systems and accelerating our transition to the
cloud.
Folks recognize that sometimes up here in Washington, D.C., it can be
a circus, but there are times when folks working together can actually
solve major problems. This is one example of being in a partisan part
of our election cycle where people working together can solve a big
problem and do it to make sure that we are using American taxpayer
dollars wisely and eventually, hopefully, making sure they keep some of
that at home.
I reserve the balance of my time.
Mr. CONNOLLY. Mr. Speaker, I yield myself such time as I may consume.
I thank my good friend from Texas. He is always gracious and has
always been a wonderful partner in this enterprise.
In closing, the United States Government must come into the 21st
century. We owe it to the people we serve to protect the systems that
operate within the 24 Federal agencies we are particularly concerned
about.
We need to streamline management of IT assets; we need to make
strategic and wise investments; we need to have a schedule of
replacement for most of those legacy systems; and we need to encrypt
and protect against cyber attacks for the sake of the American people.
I think Mr. Hurd and I share that as a critical mission not only for
this Congress, but for the United States Government as a whole.
I am proud, again, to be an original coauthor and cosponsor of this
legislation, working with Mr. Hurd. I know we have other initiatives we
are going to be working on as well.
Mr. Speaker, I yield back the balance of my time.
Mr. HURD of Texas. Mr. Speaker, I urge adoption of this bill.
I yield back the balance of my time.
The SPEAKER pro tempore. The question is on the motion offered by the
gentleman from Texas (Mr. Hurd) that the House suspend the rules and
pass the bill, H.R. 6004, as amended.
The question was taken; and (two-thirds being in the affirmative) the
rules were suspended and the bill, as amended, was passed.
A motion to reconsider was laid on the table.
____________________