Federal Chief Information Officer Clare Martorana told House lawmakers today that she envisions promising payoffs over the next year from Technology Modernization Fund (TMF) investments spurred by Congress’s $1 billion cash infusion into the fund last year.
At a House Government Operations Subcommittee hearing that covered a wide range of Federal IT issues, Martorana also sparred with Ranking Member Jody Hice, R-Ga., over the status of agency-level cybersecurity data that was a subject of contention at the subcommittee’s FITARA Scorecard hearing in July.
TMF Tussling
Rep. Hice aired a list of concerns he has with the TMF, including what he called the program’s lack of sharp focus on retiring legacy Federal agency IT systems, and action by the Biden administration to relax program rules that require agencies to pay back the fund with savings generated by IT modernization projects.
“Why should we believe that the TMF has become nothing more than a slush fund,” he asked.
Martorana responded that the fund has always required agencies to repay awards, and said that a relaxation of that requirement to make full repayment reflects the emergency nature of the American Rescue Plan Act that gave the TMF $1 billion of new money last year.
“The American rescue plan was an emergency appropriation,” she said, adding, “we were dealing with dire circumstances in several agencies” with cybersecurity problems.
She also said that the TMF program office within the General Services Administration (GSA) has beefed up its workforce considerably since the funding infusion, including putting more technologists on the job and working more closely with agencies on their proposals.
“Over the next year you are going to see dramatically improved” projects funded by TMF, “because we are managing them differently,” she said.
Martorana also said that the fund is “staying close” to its mission of funding IT modernization projects, even if those extend to related goals of improving cybersecurity and citizen service delivery.
Subcommittee Chairman Gerry Connolly, D-Va. – one of the prime movers behind making sure that TMF gets appropriations from Congress – reiterated his belief that TMF needs more funding going forward to help Federal agencies modernize.
He cited recent statements from TMF officials that the fund has received proposals for projects totaling at least $2 billion. “We must continue to support funding,” the chairman urged.
Cyber Data, CAP Goals
Rep. Hice also questioned the Federal CIO on the status of agency-level cybersecurity data that subcommittee members complained about during the July FITARA Scorecard hearing, saying then that the lack of data resulted in incomplete scoring. Agency cybersecurity grades are one of several categories that the scorecard uses in developing overall grades for the 24 CFO Act agencies.
The congressman faulted the Biden administration for failing to issue in a timely way cross-agency priority (CAP) goals under its President’s Management Agenda (PMA). The administration’s failure to deliver CAP goals by February 2022, he said, resulted in the lack of agency-level data necessary to properly grade agencies for cybersecurity on the FITARA Scorecard.
Rep. Hice said the administration “ignored the law” in failing to meet the February deadline, and said what Congress needs to conduct proper oversight is a “long-term management blueprint” for improving Federal agency performance.
Martorana responded that the Office of Management and Budget (OMB) was “technically in compliance” with requirements to issue the CAP goals, and made those public on August 9.
“But your point is valid,” she told Rep. Hice, regarding the effect of the timing of the data on the last FITARA Scorecard. “I am in agreement with you that is a responsibility we have … we are working hard” on being responsive to Congress, she added.
Log4j Discussion
Elsewhere during today’s hearing, Rep. Stephen Lynch, D-Mass., asked Martorana about the status of the Federal government’s efforts to mitigate against the Apache Log4j vulnerability flagged by the Cybersecurity and Infrastructure Security Agency (CISA).
The Federal CIO responded that Federal agencies will continue to deal with the vulnerability, and that OMB’s order issued earlier this week on secure software development and supply chain security is a “critical part of how we will manage this.”
Rep. Lynch proposed a classified briefing for further details on the vulnerability’s impact on Federal government servers.
