Don’t pop the champagne or start planning the celebration quite yet. The Modernizing Government Technology Act still has a long way to go before it becomes a law.
Yes, the House passed Rep. Will Hurd’s (R-Texas) MGT Act on May 17 by voice vote. And yes, the Congressional Budget Office score of the legislation came back at $500 million instead of $9 billion, which some say stopped MGT from moving forward last session.
But the fact is Senate appropriators still are not convinced that a working capital fund in each agency and a centralized fund of $250 million a year for two years is the answer to getting federal agencies off of outdated, insecure systems.
“The committee recognizes that government IT systems need improvement, and has provided funding for this work. In addition to funding, there must be appropriate oversight and accountability for government IT projects to be successful,” said Chris Gallegos, a spokesman for the majority side of the Senate Appropriations Committee, in an email to Federal News Radio. “According to the Government Accountability Office, the federal government will invest an estimated $89 billion on IT in fiscal year 2017. Funding is not the root problem with government IT projects, but rather insufficient program management and oversight, gaps in technical skills, and failure to take an incremental approach to development.”
Understand progress being made in the evolving cyber scorecard. Download our free Expert Edition: Cyber Exposure in DoD.
Gallegos highlighted GAO’s March 2017 report on the implementation of the Federal IT Acquisition Reform Act (FITARA) as reasons why more oversight and better project management are among the answers to getting agencies off of legacy hardware and software.
GAO found agencies’ use of incremental or agile development processes were missing key oversight mechanisms.
“GAO determined that only three of seven agencies selected for in-depth review had policies regarding the CIO certifying IT investments’ adequate implementation of incremental development, as required by OMB. GAO recommended, among other things, that four agencies improve their policies for CIO certification of incremental development,” auditors stated.
A Democratic aide for the Appropriations Committee said the minority supports the bill because the amount of money agencies are talking about is relatively small and the impact on the IT infrastructure would be worthwhile.
While Gallegos didn’t explain any further the committee’s thinking about the MGT bill, other observers say Senate appropriators remain uncertain about the bill’s approach.
Rich Beutel, a former staff member of the House Oversight and Government Reform Committee who helped write FITARA and now the founder of Cyrrus Analytics, said at the recent Cloud Security Alliance conference in Washington, D.C., that Senate lawmakers remain concerned over the establishment of working capital funds at every agency.
“Some working capital funds, in the past, have gone off the rails,” Beutel said, referring to some well-known examples, including the General Services Administration and the Defense Department’s problems in the mid-2000s. “But with MGT, there is strict oversight of the working capital funds.”
The oversight requirements in the bill include a report to OMB every six months after the first year of the establishment of the funds detailing how much and on what the agency spent the money on. The department also must make the funding decisions public.
Beutel said the Senate sponsors of the MGT Act, Sens. Jerry Moran (R-Kan.) and Tom Udall (D-N.M.), also are working closely with the Appropriations Committee to explain the bill’s provisions and alleviate any concerns.
“We feel very confident that we will have the strong, bipartisan support we need to get this bill over the finish line. Senators from both sides of the aisle recognize the urgency of this issue: as we have seen just this week with the ‘WannaCry’ attack, global cyberattacks are becoming increasingly sophisticated and pose a complex and serious threat to our national security,” Udall said in an email to Federal News Radio. “But the federal government continues to rely on grossly outdated IT systems that make us vulnerable to such damaging cyberattacks. I’m glad to see the House pass this bipartisan legislation, which will help federal agencies to retire old systems and invest in new and critical technologies. Maintaining old IT systems is a security risk and costs taxpayers billions of dollars each year. In the Senate, I’ll work hard to pass this bill and see it signed into law, to ensure that our government is getting better service at a better value for American taxpayers.”
An aide for Moran added that both the Senate Appropriations Committee and the Senate Homeland Security and Governmental Affairs Committee have been kept up to speed on the developments of the legislation. The aide said Moran is pushing for its timely consideration given the bill’s potential impact on national security and taxpayer savings.
Hurd also remains confident the Senate will pass his bill.
“What we have been doing the last couple of months is having conversations with them to see what their concerns were and to make tweaks in the legislation to deal with the CBO score. I feel very good in having Moran and Udall champion this,” he said after speaking at the VMWare event. “We’ve had conversations with everyone in the Senate who will be involved in this process. I feel good that with the tweaks we’ve made, we will see this move in the Senate.”
In the meantime, OMB is preparing for the likelihood that the bill passes.
Margie Graves, the acting federal CIO, said at the May 17 VMWare Innovation Summit, OMB has been working with five agencies to test out the requirements for the business case to apply for some of the funding in the $500 million central fund.
“We got together with agencies and developed a list of criteria on what does a good business case look like, and this can be informed by what you do in private sector or what you do in government. It’s all the same criteria. It’s got to have a decent ROI. It’s got to have an impact. It’s got to be addressed to your most critical items,” she said. “We piloted that with five different agencies. It seemed to work well. We didn’t want to release it absent the legislation itself so the timing of that is more informed by when we actually get into the conversation with the Senate and when we actually know what the timeline might turn out to be. Meanwhile, we will be testing the waters on how this would work.”
Graves said OMB will review other sectors such as the venture capital or grants communities to better understand how organizations evaluate a large number of requests and figure out how best to spend their dollars effectively.
Graves said the five pilots were large and small.
“We tested a template. Are we asking the right questions? If you were sitting on the other side of this, would you be able to discern from the questions that we are asking what the right decision would be? Are we collecting the right data? Are we not being burdensome as we are collecting the data?” she said. “With these five data elements, could we run my business? If so, then we should keep it to five. If it’s more than that, then we need to talk about it. It’s still being discussed. It’s still open and it’s still being baked.”
Under MGT, GSA and OMB will oversee a board to review the business cases and make decisions of where to allocate the funding — of course, if the appropriators approve the $250 million authorization.
Graves said agencies have been identifying high-valued assets and other areas that need to be modernized for some time. OMB issued the draft policy to implement the $3.1 billion IT Modernization Fund in October as a roadmap for agencies to figure out how best to move off of legacy IT.
“One of the things I’m most heartened about, just as they are doing with the reorg executive order where agencies are cross-talking about common business processes and the ways they can work together, we want to see the same kind of thing in the federal IT systems realm to see some agencies come to the table with a unified proposals that says this is my business process that crosses multiple agencies,” she said. “You would have the expectation that you need to cover them all in order for them to work effectively together.”