[Congressional Record Volume 170, Number 88 (Tuesday, May 21, 2024)]
[House]
[Pages H3364-H3367]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
MODERNIZING GOVERNMENT TECHNOLOGY REFORM ACT
Ms. MACE. Madam Speaker, I move to suspend the rules and pass the
bill (H.R. 5527) to amend section 1078 of the National Defense
Authorization Act for Fiscal Year 2018 to increase the effectiveness of
the Technology Modernization Fund, and for other purposes, as amended.
The Clerk read the title of the bill.
The text of the bill is as follows:
H.R. 5527
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Modernizing Government
Technology Reform Act''.
SEC. 2. REALIGNING USE OF FUNDS WITH ORIGINAL CONGRESSIONAL
INTENT.
Section 1078 of the National Defense Authorization Act for
Fiscal Year 2018 (Public Law 115-91; 40 U.S.C. 11301 note) is
amended--
(1) in subsection (b)--
(A) by amending paragraph (3) to read as follows:
``(3) Use of funds.--
``(A) In general.--The Administrator shall, in accordance
with recommendations from the Board, use amounts in the Fund
for the following:
``(i) To transfer such amounts, to remain available until
expended, to the head of an agency for the acquisition,
procurement, and operation of information technology, or the
development of information technology when more efficient and
cost effective, to--
``(I) modernize, retire, or replace legacy information
technology systems used by the agency;
``(II) enhance cybersecurity and privacy at the agency;
``(III) improve long-term efficiency and effectiveness of
agency information technology; or
``(IV) improve the ability of the agency to perform the
mission of the agency and deliver services to the public.
``(ii) To provide services or work performed in support
of--
``(I) the activities described in clause (i); and
``(II) the Board and the Director in carrying out the
responsibilities described in subsection (c)(2).
``(iii) To fund only programs, projects, or activities, or
to fund increases for any programs, projects, or activities
that have not been denied or restricted by Congress.
``(iv) To transfer such amounts only for programs,
projects, or activities that will be reimbursed to the Fund
to the extent necessary to ensure total amounts in the Fund
are no less than the amounts needed to keep the Fund
operational until the Fund sunsets pursuant to subsection
(g)(1).
``(B) Termination or suspension of funds.--The
Administrator shall, in accordance with recommendations from
the Board, suspend or terminate funding for any project with
respect to which the head of an agency provided fraudulent or
misleading statements about such project (including
fraudulent statements about technical design, the business
case, or program management with respect to the project) in
the application or proposal for amounts from the Fund for
such project.'';
(B) in paragraph (5)--
(i) in subparagraph (A)--
(I) in clause (i)--
(aa) by striking ``or (B)''; and
(bb) by striking ``(3)(C)'' and inserting ``(3)(A)(ii)'';
and
(II) in clause (ii), by striking ``, consistent with any
applicable reprogramming law or guidelines of the Committees
on Appropriations of the Senate and the House of
Representatives''; and
(ii) in subparagraph (B)(i)--
(I) by striking ``paragraph (3)(C)'' and inserting
``paragraph (3)(A)(ii)''; and
(II) by striking ``the solvency of the Fund, including
operating expenses'' and inserting the following: ``total
amounts in the Fund are no less than the amounts needed to
keep the Fund operational until the Fund sunsets pursuant to
subsection (g)(1)'';
(C) in paragraph (6)--
(i) in subparagraph (A)--
(I) in the matter before clause (i), by striking
``subparagraphs (A) and (B) of paragraph (3)'' and inserting
the following: ``paragraph (3)(A)(i) and before any services
or work are provided under paragraph (3)(A)(ii)(I)'';
(II) in clause (i)--
(aa) by striking ``unless approved by the Director''; and
(bb) by striking ``; and'' and inserting a semicolon;
(III) by redesignating clause (ii) as clause (iv); and
(IV) by inserting after clause (i) the following new
clauses:
``(ii) which shall include terms of repayment that require
the head of the agency to reimburse the Fund for funds
transferred
[[Page H3365]]
under paragraph (3)(A)(i) at a level that ensures total
amounts in the Fund are no less than the amounts needed to
keep the Fund operational until the Fund sunsets pursuant to
subsection (g)(1);
``(iii) which shall include terms of repayment that require
the head of the agency to fully reimburse the Fund for any
services or work provided under paragraph (3)(A)(ii) in
direct support of the project; and''; and
(ii) in subparagraph (B)--
(I) by striking clause (i) and inserting the following:
``(i) for any funds transferred to an agency under
paragraph (3)(A)(i), in the absence of compelling
circumstances documented by the Administrator at the time of
transfer, that such funds shall be transferred only--
``(I) on an incremental basis, tied to metric-based
development milestones achieved by the agency through the use
of rapid, iterative, development processes; and
``(II) after the head of the agency has provided the
Director any information the Director is required to report
pursuant to paragraph (7)(A)(i); and''; and
(II) in clause (ii)--
(aa) by striking ``subparagraphs (A) and (B) of paragraph
(3)'' and inserting ``paragraph (3)(A)(i)''; and
(bb) by striking ``paragraph (6)'' and inserting ``this
paragraph'';
(D) in paragraph (7)--
(i) in subparagraph (A)(i)--
(I) by inserting ``the written agreement entered into under
paragraph (6),'' after ``description of the project,''; and
(II) by inserting ``(including documented market research
into commercial products and services)'' after ``used'';
(ii) in subparagraph (B)--
(I) in clause (i)--
(aa) by striking ``establishing''; and
(bb) by striking ``the cost savings associated with the
projects funded both annually and over the life of the
acquired products and services by the Fund;'' and inserting
the following: ``the amount repaid to the Fund in accordance
with the terms established in the written agreements
described in paragraph (6);'';
(II) in clause (ii)--
(aa) by striking ``reliability of the cost savings'' and
inserting ``total cost savings''; and
(bb) by striking the semicolon and inserting ``; and''; and
(III) in clause (iii), by striking ``; and'' and inserting
a period; and
(IV) by striking clause (iv);
(2) in subsection (c)(2)--
(A) in subparagraph (A)--
(i) in clause (ii), by striking ``the greatest
Governmentwide impact; and'' and inserting the following:
``the greatest impact on modernizing, retiring, or replacing
Federal legacy information technology systems; and'';
(ii) by redesignating clauses (i) through (iii) as clauses
(ii) through (iv), respectively; and
(iii) by inserting before clause (ii), as so redesignated,
the following new clause:
``(i) the ability for the head of the agency to ensure
repayment of funds transferred from the Fund to the head of
the agency, in accordance with subsection (b);'';
(B) in subparagraph (D), by striking ``to improve or
replace multiple information technology systems'' and
inserting the following: ``to modernize, retire, or replace
legacy information technology systems under subsection
(b)(3)(A)(i)''; and
(C) in subparagraph (F), by inserting after ``subsection
(b)(6)'' the following: ``or the identification of fraudulent
or misleading statements about the project (including
fraudulent statements about technical design, the business
case, or program management with respect to the project) in
the application or proposal for amounts from the Fund for the
project''; and
(D) in subparagraph (G), by inserting after ``operating
costs of the Fund'' the following: ``to ensure total amounts
in the Fund are no less than the amounts needed to keep the
Fund operational until the Fund sunsets pursuant to
subsection (g)(1)'';
(3) in subsection (c)--
(A) in paragraph (5)--
(i) in subparagraph (B) by striking the period at the end
and inserting ``; and''; and
(ii) by inserting after subparagraph (B) the following;
``(C) a senior official from the Cybersecurity and
Infrastructure Security Agency of the Department of Homeland
Security, appointed by the Director of the Cybersecurity and
Infrastructure Security Agency, with the approval of the
Director of the Office of Management and Budget.'';
(B) in paragraph (6)(A)--
(i) by striking ``shall be--'' and inserting ``shall be 4
employees of the Federal Government primarily having
technical expertise in information technology development,
financial management, cybersecurity and privacy, and
acquisition, appointed by the Director.''; and
(ii) by striking clauses (i) and (ii); and
(4) in subsection (d)(2)--
(A) in subparagraph (A), by striking ``subsection (b)(3)(A)
and for products, services, and acquisition vehicles funded
under subsection (b)(3)(B)'' and inserting ``subsection
(b)(3)''; and
(B) in subparagraph (C), by inserting after ``and reduce
waste'' the following: ``and ensure total amounts in the Fund
are no less than the amounts needed to keep the Fund
operational until the Fund sunsets pursuant to subsection
(g)(1)'';
(5) by redesignating subsections (e) and (f) as subsections
(f) and (g), respectively;
(6) by inserting after subsection (d) the following new
subsection:
``(e) Responsibilities of the Federal Chief Information
Officer; Agency Chief Information Officers.--
``(1) Agency inventory.--An agency Chief Information
Officer, in coordination with stakeholders and other agency
officials, shall provide to the Federal Chief Information
Officer--
``(A) on or before the first September 30 that occurs after
the date of the enactment of the Modernizing Government
Technology Reform Act of 2023, a list of high-risk legacy
information technology systems used, operated, or maintained
by the agency, in accordance with the guidance issued under
paragraph (4); and
``(B) on or before September 30 of each year after the
first year in which the list is provided under subparagraph
(A), any updates to such list.
``(2) Legacy federal it inventory.--The Federal Chief
Information Officer shall--
``(A) on or before the first December 30 that occurs after
the date of the enactment of the Modernizing Government
Technology Reform Act of 2023, compile a Legacy Federal IT
Inventory on the basis of the each list provided by an agency
Chief Information Officers under paragraph (1)(A) that
includes information about each high-risk legacy information
technology system used, operated, or maintained by an agency;
and
``(B) on or before December 30 each year after the year in
which the Legacy Federal IT Inventory is compiled, update
such Inventory on the basis of each update to the list
provided by an agency Chief Information Officer under
paragraph (1)(B).
``(3) Prioritization list.--
``(A) Requirement.--The Federal Chief Information Officer
shall--
``(i) not later than 90 days after the date on which the
Federal Chief Information Officer receives the list required
by paragraph (1)(A) from each agency Chief Information
Officer, compile, on the basis of each such list, a list of
10 legacy information technology systems that present the
greatest security, privacy, and operational risks to the
Federal Government; and
``(ii) not later than 90 days after the date on which the
Federal Chief Information Officer receives updates under
paragraph (1)(B) from each agency Chief Information Officer,
update the list required by subparagraph (A) on the basis of
each updates to the list provided by agency Chief information
Officers under paragraph (1)(B).
``(B) Report to congress.--Not later than 14 days after the
date on which the Federal Chief Information Officer compiles
the list required by subparagraph (A), or updates such list,
the Director shall submit to the Committee on Oversight and
Accountability of the House of Representatives, the Committee
on Homeland Security and Governmental Affairs of the Senate,
and the Comptroller General of the United States, a report
(which may include a classified annex) containing--
``(i) such list (including any update made to such list
under subparagraph (A)(ii)); and
``(ii) each list provided by an agency Chief Information
Officer under paragraph (1)(A) (including any update made to
any such list under paragraph (1)(B)).
``(4) Guidance.--
``(A) In general.--Not later than 180 days after enactment
of this Act, the Director shall issue guidance on
implementing the requirements of this subsection that shall,
at a minimum--
``(i) prescribe an appropriate format for list to be
provided under paragraph (1)(A);
``(ii) prescribe the information to be included in the
Legacy Federal IT Inventory required by paragraph (2);
``(iii) provide guidance on how an agency Chief Information
Officer should identify high-risk legacy information
technology systems that, at least, requires agency Chief
Information Officers, in coordination with other agency
stakeholders, to identify as a high risk legacy information
technology system any outdated or obsolete system of
information technology that is critical to the agency such
that the loss or degradation of the system would create a
security, operational, or privacy risk to the agency or would
otherwise impact the ability of the agency to perform the
mission of the agency, effectively deliver programs, or
conduct business; and
``(iv) provide guidance on how existing reporting
structures can be used to submit the Legacy Federal IT
inventory required by paragraph (2).
``(B) Updates.--The Director may update the guidance issued
under subparagraph (A) as the Director determines necessary.
``(5) Definitions.--In this subsection:
``(A) Agency chief information officer.--The term `agency
Chief Information Officer' means a Chief Information Officer
designated under section 3506(a)(2) of title 44, United
States Code.
``(B) Federal chief information officer.--The term `Federal
Chief Information Officer' means the Administrator of the
Office of Electronic Government.''; and
(7) in subsection (g)(1), as so redesignated, by striking
``On and after the date that is 2 years after the date on
which the Comptroller General of the United States issues the
third report required under subsection (b)(7)(B),'' and
inserting ``After December 31, 2031,''.
[[Page H3366]]
The SPEAKER pro tempore. Pursuant to the rule, the gentlewoman from
South Carolina (Ms. Mace) and the gentleman from Maryland (Mr. Raskin)
each will control 20 minutes.
The Chair recognizes the gentlewoman from South Carolina.
General Leave
Ms. MACE. Madam Speaker, I ask unanimous consent that all Members may
have 5 legislative days in which to revise and extend their remarks and
include extraneous material on this measure.
The SPEAKER pro tempore. Is there objection to the request of the
gentlewoman from South Carolina?
There was no objection.
Ms. MACE. Madam Speaker, I yield myself such time as I may consume.
Madam Speaker, I rise today in support of H.R. 5527.
The Technology Modernization Fund, or the TMF, was established by the
bipartisan, Republican-led Modernizing Government Technology Act of
2017.
The TMF was established because it can be difficult to plan and
budget for Federal legacy IT upgrades through the annual appropriations
cycle.
The TMF addresses this problem by acting as a self-sustaining funding
mechanism to assist agencies with legacy IT modernization projects that
span multiple fiscal years.
The Federal Government depends on IT systems for everything from
national defense to the administration of benefits programs.
Over the course of this Congress, the House Oversight Subcommittee on
Cybersecurity, Information Technology, and Government Innovation has
heard from current and former government officials about the risks and
costs associated with Federal legacy IT systems.
These risks include cyberattacks targeted toward highly vulnerable
legacy systems that house sensitive public data. These half-century-old
IT systems are prime targets for malicious actors and enemy nation-
states.
My bill, the Modernizing Government Technology Reform Act, enhances
the Technology Modernization Fund by ensuring a sustainable financing
tool for fixing costly and risky legacy IT systems.
The TMF has strayed from the original congressional intent
established by the bipartisan law Congress passed. It does not
consistently require agencies to repay their awards, an operational
policy decision made by the administration which has put a strain on
TMF's resources and hindered the fund's ability to help address future
legacy IT modernization projects.
With this legislation, we will refocus the TMF on the longstanding
need to replace legacy IT systems and address our cybersecurity risks.
The reforms made to the TMF by H.R. 5527 also prioritize fiscal
responsibility and are common sense. Let's run through some of them
quickly in the bill:
This will require TMF awards to be reimbursed at a rate sufficient to
keep the fund operational through 2031.
It requires the TMF to recover all administrative costs that projects
incur.
It requires the TMF to suspend or terminate project funding if
fraudulent or misleading statements were used to obtain funds.
It provides agencies more flexibility to repay the TMF.
It increases the visibility into TMF awards by requiring written
agreements governing each award to be made publicly available.
This legislation also requires each agency to conduct an inventory of
its legacy IT systems, creating a new oversight tool to ensure the
Federal Government is addressing the problem of legacy IT systems.
Reforming the TMF is necessary to ensure it remains a sustainable,
revolving fund that can be used to address the costly challenge of
modernizing legacy IT into the future.
This is smart and timely reform. This is a fair and balanced
reauthorization.
I am grateful to my colleagues Representatives Connolly and Khanna
for their support and collaboration on this effort. I urge my
colleagues to support this bipartisan legislation, and I reserve the
balance of my time.
Mr. RASKIN. Madam Speaker, I yield myself such time as I may consume.
I thank the distinguished gentlewoman from South Carolina for her
great leadership on this as well as Mr. Connolly from Virginia for his
very hard work on it, too.
In this century, public confidence in the Federal Government depends
on ensuring that our Federal information technology systems and
websites are secure, safe, and effective. We invest more than $100
billion every year in Federal IT needs. Outdated legacy IT systems and
infrastructure are costly to maintain and very challenging to secure
against the onslaught of cyberattacks by adversaries and criminal
organizations. The constantly changing landscape of information
technology requires resources if Federal agencies are going to be able
to protect data privacy, complete their missions, and effectively serve
our people.
The Modernizing Government Technology Reform Act would ensure this
important work continues smoothly by extending the Technology
Modernization Fund's sunset from December 2025 to December 2031. It
would also clarify the use of funds and maintain the repayment
flexibility adopted by the Technology Modernization Fund, known as the
TMF, in recent years while ensuring its solvency by setting minimum
reimbursement requirements.
Additionally, the bill sets requirements for regularly updated
inventories and lists of legacy Federal IT systems and high-risk
Federal IT systems, as well as of the legacy systems that present the
greatest security, privacy, and operational risks.
This timely and comprehensive picture of the Federal Government's
most serious IT modernization needs will inform the ability of the TMF,
the administration, and Congress to make the best investments.
The TMF provides a self-sustaining funding model that has become an
essential tool for Federal agencies to address these challenges. It
supplies upfront funding for IT projects in exchange for future
reimbursement once a project's cost savings are realized, allowing
agencies the flexibility they need to address modernization needs
outside of the traditional budget cycle.
The TMF also instills accountability safeguards to ensure that
taxpayers are getting strong returns on our investments. Projects are
selected for funding after rigorous review by the TMF board of
technology experts, and written funding agreements outline specific
requirements and milestones that have to be met. Funds are distributed
incrementally based on performance as assessed by quarterly reviews by
the board, and technical experts provide hands-on support toward
successful execution of the projects.
Committee Democrats have supported robust oversight and funding for
the TMF, including a historic $1 billion investment through the
American Rescue Plan. With this infusion, high-priority projects were
also allowed reduced repayment requirements, if warranted. Since the
infusion of these moneys, the TMF has received more than 220 agency
proposals requesting more than $3.5 billion, far outpacing our funding
availability.
To date, the TMF has provided over $900 million to 57 IT
modernization projects across 32 agencies, and the Biden-Harris
administration has embraced it as an indispensable tool to better serve
the American people.
For example, TMF funding is helping to digitize veterans' records,
ensuring that more than 1 million people and their family members who
reach out to the National Archives and Records Administration every
year get timely access to the documents they need to verify their
qualification for important lifesaving benefits.
TMF funding is also expediting the speed and safety of food
inspection at the USDA, leading to better meals for school kids and
servicemembers alike. TMF funding also better secures all of our
personal data at the Social Security Administration and the Department
of Education.
I thank Representatives Mace and Connolly for their great work on
this important project. I urge my colleagues to support the bill, and I
reserve the balance of my time.
Ms. MACE. Madam Speaker, I yield 3 minutes to the gentleman from New
York (Mr. Langworthy).
Mr. LANGWORTHY. Madam Speaker, I thank the gentlewoman from South
Carolina for the time.
I rise today in support of the Modernizing Government Technology
Reform Act. It is no secret that America's cyber infrastructure is
under constant
[[Page H3367]]
attack by our adversaries, including China, Russia, Iran, and North
Korea.
FBI Director Christopher Wray recently warned Americans of the cyber
threat that China poses, declaring that China's hackers are preparing
to wreak havoc and cause real-world harm to American citizens and
communities.
{time} 1545
Yet, despite warning after warning of the rising threats to our
Nation's cyber infrastructure, our Federal agencies remain dangerously
vulnerable to future, potentially devastating cyberattacks.
Every year, the Federal Government spends over $100 billion on IT and
cybersecurity. Nonetheless, 80 percent of this spending goes to
operating and maintaining outdated, obsolete legacy systems. These
aging systems not only waste taxpayer money but also leave us exposed
to our enemies.
These IT systems also require specific technical knowledge to operate
and update, which creates enormous procurement and hiring challenges,
leaving agencies scrambling to find vendors and employees with the
necessary skills. In addition to the upfront costs associated with
updating legacy IT, many of these systems continue to run with known
security vulnerabilities and unsupported hardware or software. This is
a ticking time bomb.
In an effort to bring the Federal Government up to speed with the
challenges of modern-day cyber threats, Congress established the
technology modernization fund to help eliminate these vulnerabilities
and provide funding to improve, retire, or replace antiquated Federal
IT systems and strengthen our agencies' cyber defenses, all without
additional expense to the American taxpayer.
That is why reauthorizing and reforming the technology modernization
fund is essential to our future success. Under this legislation,
Federal agencies can continue the modernization process and adopt
newer, safer technology in a rapidly advancing and increasingly
dangerous world, all with greater congressional oversight to keep these
efforts on track.
As my colleagues have already mentioned, this bill also establishes a
Federal legacy IT inventory, a new oversight tool that will enable
Congress to evaluate agency and government-wide efforts to modernize
legacy IT technology and ensure that such critical modernization
efforts are being done the right way.
Madam Speaker, our national security is at stake. We can't afford to
become complacent while our adversaries plot against us.
Madam Speaker, I urge my colleagues to take our cybersecurity
seriously and support H.R. 5527.
Mr. RASKIN. Madam Speaker, I have no further speakers. I yield myself
such time as I may consume for the purpose of closing.
Madam Speaker, I urge everybody to support this fine legislation, and
I yield back the balance of my time.
Ms. MACE. Madam Speaker, I yield myself such time as I may consume
for the purpose of closing.
Madam Speaker, H.R. 5527 helps ensure the TMF can continue to address
the legacy IT modernization efforts reducing Federal cyber risk and
inefficiencies in Government operations.
Madam Speaker, I thank my colleagues, again, across the aisle for
their support. I encourage all of my colleagues to support this very
necessary legislation, and I yield back the balance of my time.
Mr. CONNOLLY. Madam Speaker, I rise today in support of the
Modernizing Government Technology Reform Act (H.R. 5527) and thank
Chairwoman Mace for partnering with me on this very important piece of
legislation.
In in 2017, Republican Representative Will Hurd and I coauthored the
original MGT Act, which did two fundamental things.
First, it authorized all CFO Act agencies to establish IT Working
Capital Funds (WCF), which the Subcommittee has historically tracked
through the FITARA Scorecard.
Second, the bill established a centralized Technology Modernization
Fund (TMF) and a governing board for the TMF.
While we have never been able to get sufficient support for the TMF
from our colleagues on the Appropriations Committee, the Biden
Administration saw the value of the Fund when it requested $9 billion
for the TMF as part of its COVID recovery plan.
We were ultimately able to secure $1 billion in the American Rescue
Plan Act (117-2).
The TMF has used that funding to help bring agencies into the 21st
century.
Examples include digitizing the Department of Veterans Affairs' (VA)
customer support and Better Veterans Benefits Management systems,
modernizing the U.S. Office of Personnel Management's (OPM) website,
and implementing a zero-trust architecture at the U.S. Agency for
International Development (USAID).
Building off the original MGT Act's success, the MGT Reform Act will
extend the authorization for the TMF through 2031 and sustain this
critical IT investment tool for federal agencies.
The bill also directs agencies to create legacy federal IT
inventories that includes information about each high-risk legacy
information technology system used, operated, or maintained by an
agency.
This legacy federal IT inventory provision could be critical to
finally retiring all unsupported and costly legacy systems from
government use.
We cannot afford to wait until we are in the midst of the next global
disaster to modernize federal IT.
I strongly urge my colleagues to vote yes on the passage of the
Modernizing Governrnent Technology Reform Act.
The SPEAKER pro tempore. The question is on the motion offered by the
gentlewoman from South Carolina (Ms. Mace) that the House suspend the
rules and pass the bill, H.R. 5527, as amended.
The question was taken; and (two-thirds being in the affirmative) the
rules were suspended and the bill, as amended, was passed.
A motion to reconsider was laid on the table.
____________________