Modernizing Government Technology Reform Act

Floor Speech

BREAK IN TRANSCRIPT

Ms. MACE. Madam Speaker, I move to suspend the rules and pass the bill (H.R. 5527) to amend section 1078 of the National Defense Authorization Act for Fiscal Year 2018 to increase the effectiveness of the Technology Modernization Fund, and for other purposes, as amended.

The Clerk read the title of the bill.

The text of the bill is as follows: H.R. 5527

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE.

This Act may be cited as the ``Modernizing Government Technology Reform Act''. SEC. 2. REALIGNING USE OF FUNDS WITH ORIGINAL CONGRESSIONAL INTENT.

Section 1078 of the National Defense Authorization Act for Fiscal Year 2018 (Public Law 115-91; 40 U.S.C. 11301 note) is amended--

(1) in subsection (b)--

(A) by amending paragraph (3) to read as follows:

``(3) Use of funds.--

``(A) In general.--The Administrator shall, in accordance with recommendations from the Board, use amounts in the Fund for the following:

``(i) To transfer such amounts, to remain available until expended, to the head of an agency for the acquisition, procurement, and operation of information technology, or the development of information technology when more efficient and cost effective, to--

``(I) modernize, retire, or replace legacy information technology systems used by the agency;

``(II) enhance cybersecurity and privacy at the agency;

``(III) improve long-term efficiency and effectiveness of agency information technology; or

``(IV) improve the ability of the agency to perform the mission of the agency and deliver services to the public.

``(ii) To provide services or work performed in support of--

``(I) the activities described in clause (i); and

``(II) the Board and the Director in carrying out the responsibilities described in subsection (c)(2).

``(iii) To fund only programs, projects, or activities, or to fund increases for any programs, projects, or activities that have not been denied or restricted by Congress.

``(iv) To transfer such amounts only for programs, projects, or activities that will be reimbursed to the Fund to the extent necessary to ensure total amounts in the Fund are no less than the amounts needed to keep the Fund operational until the Fund sunsets pursuant to subsection (g)(1).

``(B) Termination or suspension of funds.--The Administrator shall, in accordance with recommendations from the Board, suspend or terminate funding for any project with respect to which the head of an agency provided fraudulent or misleading statements about such project (including fraudulent statements about technical design, the business case, or program management with respect to the project) in the application or proposal for amounts from the Fund for such project.'';

(B) in paragraph (5)--

(i) in subparagraph (A)--

(I) in clause (i)--

(aa) by striking ``or (B)''; and

(bb) by striking ``(3)(C)'' and inserting ``(3)(A)(ii)''; and

(II) in clause (ii), by striking ``, consistent with any applicable reprogramming law or guidelines of the Committees on Appropriations of the Senate and the House of Representatives''; and

(ii) in subparagraph (B)(i)--

(I) by striking ``paragraph (3)(C)'' and inserting ``paragraph (3)(A)(ii)''; and

(II) by striking ``the solvency of the Fund, including operating expenses'' and inserting the following: ``total amounts in the Fund are no less than the amounts needed to keep the Fund operational until the Fund sunsets pursuant to subsection (g)(1)'';

(C) in paragraph (6)--

(i) in subparagraph (A)--

(I) in the matter before clause (i), by striking ``subparagraphs (A) and (B) of paragraph (3)'' and inserting the following: ``paragraph (3)(A)(i) and before any services or work are provided under paragraph (3)(A)(ii)(I)'';

(II) in clause (i)--

(aa) by striking ``unless approved by the Director''; and

(bb) by striking ``; and'' and inserting a semicolon;

(III) by redesignating clause (ii) as clause (iv); and

(IV) by inserting after clause (i) the following new clauses:

``(ii) which shall include terms of repayment that require the head of the agency to reimburse the Fund for funds transferred under paragraph (3)(A)(i) at a level that ensures total amounts in the Fund are no less than the amounts needed to keep the Fund operational until the Fund sunsets pursuant to subsection (g)(1);

``(iii) which shall include terms of repayment that require the head of the agency to fully reimburse the Fund for any services or work provided under paragraph (3)(A)(ii) in direct support of the project; and''; and

(ii) in subparagraph (B)--

(I) by striking clause (i) and inserting the following:

``(i) for any funds transferred to an agency under paragraph (3)(A)(i), in the absence of compelling circumstances documented by the Administrator at the time of transfer, that such funds shall be transferred only--

``(I) on an incremental basis, tied to metric-based development milestones achieved by the agency through the use of rapid, iterative, development processes; and

``(II) after the head of the agency has provided the Director any information the Director is required to report pursuant to paragraph (7)(A)(i); and''; and

(II) in clause (ii)--

(aa) by striking ``subparagraphs (A) and (B) of paragraph (3)'' and inserting ``paragraph (3)(A)(i)''; and

(bb) by striking ``paragraph (6)'' and inserting ``this paragraph'';

(D) in paragraph (7)--

(i) in subparagraph (A)(i)--

(I) by inserting ``the written agreement entered into under paragraph (6),'' after ``description of the project,''; and

(II) by inserting ``(including documented market research into commercial products and services)'' after ``used'';

(ii) in subparagraph (B)--

(I) in clause (i)--

(aa) by striking ``establishing''; and

(bb) by striking ``the cost savings associated with the projects funded both annually and over the life of the acquired products and services by the Fund;'' and inserting the following: ``the amount repaid to the Fund in accordance with the terms established in the written agreements described in paragraph (6);'';

(II) in clause (ii)--

(aa) by striking ``reliability of the cost savings'' and inserting ``total cost savings''; and

(bb) by striking the semicolon and inserting ``; and''; and

(III) in clause (iii), by striking ``; and'' and inserting a period; and

(IV) by striking clause (iv);

(2) in subsection (c)(2)--

(A) in subparagraph (A)--

(i) in clause (ii), by striking ``the greatest Governmentwide impact; and'' and inserting the following: ``the greatest impact on modernizing, retiring, or replacing Federal legacy information technology systems; and'';

(ii) by redesignating clauses (i) through (iii) as clauses (ii) through (iv), respectively; and

(iii) by inserting before clause (ii), as so redesignated, the following new clause:

``(i) the ability for the head of the agency to ensure repayment of funds transferred from the Fund to the head of the agency, in accordance with subsection (b);'';

(B) in subparagraph (D), by striking ``to improve or replace multiple information technology systems'' and inserting the following: ``to modernize, retire, or replace legacy information technology systems under subsection (b)(3)(A)(i)''; and

(C) in subparagraph (F), by inserting after ``subsection (b)(6)'' the following: ``or the identification of fraudulent or misleading statements about the project (including fraudulent statements about technical design, the business case, or program management with respect to the project) in the application or proposal for amounts from the Fund for the project''; and

(D) in subparagraph (G), by inserting after ``operating costs of the Fund'' the following: ``to ensure total amounts in the Fund are no less than the amounts needed to keep the Fund operational until the Fund sunsets pursuant to subsection (g)(1)'';

(3) in subsection (c)--

(A) in paragraph (5)--

(i) in subparagraph (B) by striking the period at the end and inserting ``; and''; and

(ii) by inserting after subparagraph (B) the following;

``(C) a senior official from the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, appointed by the Director of the Cybersecurity and Infrastructure Security Agency, with the approval of the Director of the Office of Management and Budget.'';

(B) in paragraph (6)(A)--

(i) by striking ``shall be--'' and inserting ``shall be 4 employees of the Federal Government primarily having technical expertise in information technology development, financial management, cybersecurity and privacy, and acquisition, appointed by the Director.''; and

(ii) by striking clauses (i) and (ii); and

(4) in subsection (d)(2)--

(A) in subparagraph (A), by striking ``subsection (b)(3)(A) and for products, services, and acquisition vehicles funded under subsection (b)(3)(B)'' and inserting ``subsection (b)(3)''; and

(B) in subparagraph (C), by inserting after ``and reduce waste'' the following: ``and ensure total amounts in the Fund are no less than the amounts needed to keep the Fund operational until the Fund sunsets pursuant to subsection (g)(1)'';

(5) by redesignating subsections (e) and (f) as subsections (f) and (g), respectively;

(6) by inserting after subsection (d) the following new subsection:

``(e) Responsibilities of the Federal Chief Information Officer; Agency Chief Information Officers.--

``(1) Agency inventory.--An agency Chief Information Officer, in coordination with stakeholders and other agency officials, shall provide to the Federal Chief Information Officer--

``(A) on or before the first September 30 that occurs after the date of the enactment of the Modernizing Government Technology Reform Act of 2023, a list of high-risk legacy information technology systems used, operated, or maintained by the agency, in accordance with the guidance issued under paragraph (4); and

``(B) on or before September 30 of each year after the first year in which the list is provided under subparagraph (A), any updates to such list.

``(2) Legacy federal it inventory.--The Federal Chief Information Officer shall--

``(A) on or before the first December 30 that occurs after the date of the enactment of the Modernizing Government Technology Reform Act of 2023, compile a Legacy Federal IT Inventory on the basis of the each list provided by an agency Chief Information Officers under paragraph (1)(A) that includes information about each high-risk legacy information technology system used, operated, or maintained by an agency; and

``(B) on or before December 30 each year after the year in which the Legacy Federal IT Inventory is compiled, update such Inventory on the basis of each update to the list provided by an agency Chief Information Officer under paragraph (1)(B).

``(3) Prioritization list.--

``(A) Requirement.--The Federal Chief Information Officer shall--

``(i) not later than 90 days after the date on which the Federal Chief Information Officer receives the list required by paragraph (1)(A) from each agency Chief Information Officer, compile, on the basis of each such list, a list of 10 legacy information technology systems that present the greatest security, privacy, and operational risks to the Federal Government; and

``(ii) not later than 90 days after the date on which the Federal Chief Information Officer receives updates under paragraph (1)(B) from each agency Chief Information Officer, update the list required by subparagraph (A) on the basis of each updates to the list provided by agency Chief information Officers under paragraph (1)(B).

``(B) Report to congress.--Not later than 14 days after the date on which the Federal Chief Information Officer compiles the list required by subparagraph (A), or updates such list, the Director shall submit to the Committee on Oversight and Accountability of the House of Representatives, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Comptroller General of the United States, a report (which may include a classified annex) containing--

``(i) such list (including any update made to such list under subparagraph (A)(ii)); and

``(ii) each list provided by an agency Chief Information Officer under paragraph (1)(A) (including any update made to any such list under paragraph (1)(B)).

``(4) Guidance.--

``(A) In general.--Not later than 180 days after enactment of this Act, the Director shall issue guidance on implementing the requirements of this subsection that shall, at a minimum--

``(i) prescribe an appropriate format for list to be provided under paragraph (1)(A);

``(ii) prescribe the information to be included in the Legacy Federal IT Inventory required by paragraph (2);

``(iii) provide guidance on how an agency Chief Information Officer should identify high-risk legacy information technology systems that, at least, requires agency Chief Information Officers, in coordination with other agency stakeholders, to identify as a high risk legacy information technology system any outdated or obsolete system of information technology that is critical to the agency such that the loss or degradation of the system would create a security, operational, or privacy risk to the agency or would otherwise impact the ability of the agency to perform the mission of the agency, effectively deliver programs, or conduct business; and

``(iv) provide guidance on how existing reporting structures can be used to submit the Legacy Federal IT inventory required by paragraph (2).

``(B) Updates.--The Director may update the guidance issued under subparagraph (A) as the Director determines necessary.

``(5) Definitions.--In this subsection:

``(A) Agency chief information officer.--The term `agency Chief Information Officer' means a Chief Information Officer designated under section 3506(a)(2) of title 44, United States Code.

``(B) Federal chief information officer.--The term `Federal Chief Information Officer' means the Administrator of the Office of Electronic Government.''; and

(7) in subsection (g)(1), as so redesignated, by striking ``On and after the date that is 2 years after the date on which the Comptroller General of the United States issues the third report required under subsection (b)(7)(B),'' and inserting ``After December 31, 2031,''.
BREAK IN TRANSCRIPT

Ms. MACE. Madam Speaker, I yield myself such time as I may consume.

Madam Speaker, I rise today in support of H.R. 5527.

The Technology Modernization Fund, or the TMF, was established by the bipartisan, Republican-led Modernizing Government Technology Act of 2017.

The TMF was established because it can be difficult to plan and budget for Federal legacy IT upgrades through the annual appropriations cycle.

The TMF addresses this problem by acting as a self-sustaining funding mechanism to assist agencies with legacy IT modernization projects that span multiple fiscal years.

The Federal Government depends on IT systems for everything from national defense to the administration of benefits programs.

Over the course of this Congress, the House Oversight Subcommittee on Cybersecurity, Information Technology, and Government Innovation has heard from current and former government officials about the risks and costs associated with Federal legacy IT systems.

These risks include cyberattacks targeted toward highly vulnerable legacy systems that house sensitive public data. These half-century-old IT systems are prime targets for malicious actors and enemy nation- states.

My bill, the Modernizing Government Technology Reform Act, enhances the Technology Modernization Fund by ensuring a sustainable financing tool for fixing costly and risky legacy IT systems.

The TMF has strayed from the original congressional intent established by the bipartisan law Congress passed. It does not consistently require agencies to repay their awards, an operational policy decision made by the administration which has put a strain on TMF's resources and hindered the fund's ability to help address future legacy IT modernization projects.

With this legislation, we will refocus the TMF on the longstanding need to replace legacy IT systems and address our cybersecurity risks.

The reforms made to the TMF by H.R. 5527 also prioritize fiscal responsibility and are common sense. Let's run through some of them quickly in the bill:

This will require TMF awards to be reimbursed at a rate sufficient to keep the fund operational through 2031.

It requires the TMF to recover all administrative costs that projects incur.

It requires the TMF to suspend or terminate project funding if fraudulent or misleading statements were used to obtain funds.

It provides agencies more flexibility to repay the TMF.

It increases the visibility into TMF awards by requiring written agreements governing each award to be made publicly available.

This legislation also requires each agency to conduct an inventory of its legacy IT systems, creating a new oversight tool to ensure the Federal Government is addressing the problem of legacy IT systems.

Reforming the TMF is necessary to ensure it remains a sustainable, revolving fund that can be used to address the costly challenge of modernizing legacy IT into the future.

This is smart and timely reform. This is a fair and balanced reauthorization.

I am grateful to my colleagues Representatives Connolly and Khanna for their support and collaboration on this effort. I urge my colleagues to support this bipartisan legislation, and I reserve the balance of my time.

BREAK IN TRANSCRIPT

Ms. MACE. Madam Speaker, I yield 3 minutes to the gentleman from New York (Mr. Langworthy).

BREAK IN TRANSCRIPT

Ms. MACE. Madam Speaker, I yield myself such time as I may consume for the purpose of closing.

Madam Speaker, H.R. 5527 helps ensure the TMF can continue to address the legacy IT modernization efforts reducing Federal cyber risk and inefficiencies in Government operations.

Madam Speaker, I thank my colleagues, again, across the aisle for their support. I encourage all of my colleagues to support this very necessary legislation, and I yield back the balance of my time.

BREAK IN TRANSCRIPT

Source