Multiassociation Letter to OMB and GSA on TMF Implementation

Mr. Robert Fairweather

Acting Director

Office of Management and Budget

725 17th Street NW

Washington, DC 20503

Ms. Clare Martorana

Federal Chief

Information Officer Office of Management and Budget

725 17th Street NW

Washington, DC 20503

Ms. Katy Kale

Acting Administrator

General Services Administration

1800 F Street NW

Washington, DC 20405

Re: Administration of the Technology Modernization Fund and Amounts Provided in the American Rescue Plan Act

Dear Acting Director Fairweather, Acting Administrator Kale, and Technology Modernization Fund Board Chair Martorana:

The American Rescue Plan Act (ARP) provides an important opportunity to modernize and secure federal information technology (IT) and networks as the nation responds to the COVID-19 crisis and builds back better than before. Specifically, we believe the ARP’s inclusion of $1 billion in funding for the Technology Modernization Fund (TMF) will start to unleash necessary, and long overdue, investments in modern commercial capabilities across the Federal government to address COVID-19 recovery efforts and transform legacy IT systems.

Federal agencies must be equipped with the best technology and security tools available to respond to COVID-19 and best deliver services to the American people. Unfortunately, there are many outdated IT systems, with weak security, still in use across the federal government that are obstacles to achieving these objectives.

The TMF has demonstrated success with multiple projects funded to date, with many of them coming in at a lower cost than initially projected while still realizing full benefits. However, as a portion of prior appropriations remain unspent and few TMF awards were made over the last year, it is imperative that with this substantial new investment in the TMF, the Office of Management and Budget (OMB), the General Services Administration (GSA), and the TMF Board undertake process improvements in the management of the fund to reignite the fund’s early momentum and achieve, through this increased focus in technology, the improved national security and modernization outcomes Congress intended.

Project Selection

While the $1 billion provided to the TMF in the ARP are multi-year funds, the funding was provided in an emergency appropriation. Thus, it stands to reason that Congress would expect to see TMF dollars spent quickly and effectively to deal with challenges in Federal IT modernization, cybersecurity, and service delivery made even more difficult as a result of the COVID-19 response efforts. Based on conversations with agency IT leaders, we are concerned that the current submission process and restrictive repayment requirements may discourage agencies from submitting projects to the TMF and make it unnecessarily complicated and restrictive for funding projects that address multi-agency opportunities, such as shared services, enterprise software and security upgrades, or infrastructure modernization.

If these onerous processes, which were well-intentioned when the TMF was created in a very different funding, geopolitical, and operational environment, remain in place, we fear agencies will remain reluctant to fully leverage the TMF to address critical immediate needs as Congress intended. We recommend the TMF Board take a new, expansive approach to project selection and choose to fund projects at a diverse array of large and small agencies focused on today’s largest challenges. The greatest value the TMF Board can provide will come from explicitly communicating to agencies and industry what its funding priorities will be and working collaboratively to find the best opportunities for investment across the Federal government, rather than simply waiting for potential projects to be submitted.

Repayment

To better allow agencies to act swiftly in the face of unprecedented threats and mission challenges, the Modernizing Government Technology Act (MGT Act) provides the OMB Director with the authority to alter the terms of repayment to the TMF.1 In order to address the many unmet opportunities to fund government-wide IT modernization and cybersecurity efforts at the scale required to deal with COVID-19 response and SolarWinds recovery efforts, we strongly encourage the Director to use this authority for urgent, high-priority projects that respond to these critical challenges. Altering or significantly extending the five year repayment window will also increase the likelihood that the TMF can invest in critical, multi-agency projects or commercial shared services, which are the kinds of projects that require stable funding over multiple years and may take years to demonstrate savings, and retire current legacy systems and processes.

This approach will enable OMB, GSA, and the TMF Board to use the flexibility of the operating model of the TMF to enable funding common modernization opportunities at one or more agencies, make immediate capital infusions to address these legacy IT projects and processes, and vastly increase security of government agencies. This would not preclude the ability of individual agencies to submit their own projects, but it would make the TMF dollars more accessible and easier to deploy for the cross-cutting IT and security challenges that are still plaguing Federal agencies well over a year into the pandemic response.

To further encourage federal agencies’ use of the TMF, GSA should consider waiving the current service fees reimbursed to the TMF PMO as a condition of processing funding awards. Agencies are generally opposed to paying service fees, and this additional cost may deter the submission of single- or multi-agency projects for TMF Board approval. The recent increase in both TMF funding and GSA supplemental appropriations should be sufficient to sustain TMF PMO operations without the need for service fees.

Reforming the TMF Project Management Office to Support Project Success

With the substantial increase in TMF appropriations, the likelihood of the TMF Board approving larger and more complex legacy modernization projects increases. Thus, it is critically important that the GSA Program Management Office (PMO) that supports the TMF Board and funded projects scale appropriately to meet these new challenges and opportunities.

For one, GSA will need a more robust team to work with OMB and the interagency team to assist in identifying, vetting, and supporting the development of new project proposals aligned to today’s national challenges. This process is likely to be multi-faceted and ever-evolving, so a measured, but highly-skilled team of technologists, acquisition professionals, security experts, and customer engagement support professionals will likely be required. However, it is not enough to have a qualified team that simply accepts and analyzes projects before they are provided to the Board for approval. It would be wise to make available to any award recipients, at their discretion, any technical, security, program management, or acquisition professionals that can help improve the likelihood of successful execution all the way through the lifecycle of a TMF investment. Indeed, Congress gave the TMF the authority to provide such services.2

We believe it is in the best interest of the Administration to continue leveraging strong partnerships with industry and adopting modern technical approaches to best ensure TMF project success and, thereby, the long-term sustainability of the Fund itself. Having additional technical expertise for the TMF does not negate the ability of industry to provide the most innovative solutions to the Fund’s projects – on the contrary, it almost certainly means that projects are likely to be designed and implemented in the cutting-edge ways already being adopted in the commercial sector, and that will necessitate the engagement and support of industry to drive successful outcomes.

Transparency and Industry Engagement

As the government moved to remote work amid the pandemic, there has been no shortage of industry use cases that highlight the unique opportunities to drive digital transformation during these exceptional times. This is especially true for the numerous breaches and incidents suffered by government agencies since the onset of COVID-19. Modern technology allows agencies to leverage new commercial capabilities to deal with the constantly evolving threat landscape, and to refocus IT spending towards ensuring a seamless citizen experience. Some pertinent examples are provided in the appendix to this letter, and we would encourage OMB, GSA, and the TMF Board to discuss these credible and important use cases with industry very soon. To jump-start project consideration and the deployment of TMF funds to relevant COVID-19 response and recovery efforts, we have provided as an attachment an initial list of key funding opportunities for the TMF Board to consider.

OMB, GSA, and the TMF Board need not solely rely on agency-originated ideas in trying to identify TMF investment opportunities across government but should work with industry as well. We strongly encourage the TMF Board to have regular open engagements with leaders from the IT and cybersecurity sectors, representing the diversity of technology platforms and solution paths available,

as a means of information sharing, project idea generation, and improving industry understanding of the TMF processes and priorities. We recommend a cadence of quarterly meetings to share information and status updates with industry, and likewise industry with the TMF Board. These ongoing conversations will allow industry to provide insights on the newest technology and cybersecurity capabilities being developed and how they might fit key Administration IT modernization priorities the TMF can fund. These meetings should include representatives from industry as well as representatives from government interagency councils (such as the Chief Information Officers Council, Chief Financial Officers Council, Chief Data Officers Council, and others) whose support and sponsorship of TMF projects will be vital to their success.

Conclusion

In conclusion, we are grateful that the Administration, Congress, and industry have worked closely together to support this substantial investment in the TMF. Now is the time to think big, act quickly, and make improvements to the execution of the TMF to drive urgent IT modernization and security efforts across the government. Our associations stand ready to support OMB, GSA, and the TMF Board as they look to leverage the power and promise of the TMF to fund high-priority projects that support and secure a 21st century digital government.

Very Sincerely,

The Alliance for Commercial Technology in Government

Alliance for Digital Innovation (ADI)

Better Identity Coalition

Center for Procurement Advocacy (CPA) CompTIA

Cybersecurity Coalition Digital Services Coalition

Information Technology Industry Council (ITI)

Internet Association

Software and Information Industry Association (SIIA)

‍

Attachment: Investment Opportunities for the Technology Modernization Fund

• Federal Operations: Fund long overdue projects to retire outdated legacy IT, and modernize agencies’ information technology systems, applications, and infrastructure with commercial capabilities that improve security, efficiency, and auditability. Enterprise-wide updates in capabilities such as digital identity, collaboration tools, payroll and other enterprise services, and secure data sharing are clear opportunities highlighted by the pandemic response where the TMF can assist in all-of-government upgrades to these foundational technologies.
• Citizen Services: Support agency delivery of modern citizen services based upon the principles of the 21st Century IDEA Act, including issuing implementation guidance to promote agency adoption of consolidated services and best-in-class commercial capabilities. Fund projects to enhance adoption capabilities that allow for secure mobile access to and use of all federal and state websites, forms and records, automation and self-use capabilities.
• Remote Work: COVID-19 has proven that large-scale remote work and hybrid work environments will be here long after this pandemic. The TMF is ripe to invest in critical software, digital tools around mobile device management for remote devices and desktops of all types, and training to support, manage and secure a distributed workforce to improve workforce productivity and retention, and to deliver better digital capabilities to citizens.
• Cybersecurity Shared Services: The TMF is the perfect funding vehicle to invest in critical cybersecurity shared services that can assist Federal agencies in mitigating the proliferation and acceleration of threats to government systems and networks. The TMF should work with CISA to expand capabilities around threat hunting, risk-based vulnerability management, vulnerability disclosure, and software assurance capabilities that can benefit all agencies.
• Secure Cloud Adoption: Per the Federal Cloud Smart strategy, fund projects that dramatically accelerate the adoption of secure and optimized cloud computing and cloud- based collaboration tools, including those that enable rapid, multi-channel public communications, customer interaction, data governance, and security in and between cloud environments. The TMF can centrally fund multi-agency efforts to raise the baseline of secure cloud capabilities and zero trust architectures, including those that protect against cyber-attacks that seek to target the seams between and among cloud environments, and that are critical for Federal cybersecurity, digital workflows, and enhanced continuity of government operations.

‍

1 Pub. L. No. 115-91, National Defense Authorization Act for Fiscal Year 2018, Title X, Subtitle G, §1078(b)(6)(A)(i).

2 Ibid. at §1078(c)(8) and (d).

‍