The Honorable Mitch McConnell
Majority Leader
United States Senate
317 Russell Senate Office Building
Washington, D.C. 20510
The Honorable Richard Shelby
Chairman-Committee on Appropriations
United States Senate
U.S. Capitol, Room S-128
Washington, D.C. 20510
The Honorable Charles E. Schumer
Minority Leader
United States Senate
322 Hart Senate Office Building
Washington, D.C. 20510
The Honorable Patrick Leahy
Vice Chairman-Committee on Appropriations
United States Senate
U.S. Capitol, Room S-128
Washington, D.C. 20510
Dear Senators:
As deliberations continue regarding additional legislative package(s) to provide resources for COVID- 19 response and recovery efforts, the undersigned organizations urge the inclusion of funding for federal and state information technology (IT) and cybersecurity modernization initiatives that enable effective and secure program delivery, as well as meaningful mission outcomes.
To date, public sector Chief Information Officers (CIOs) have performed commendably as they have sought to ensure continuity of operations while also ramping up IT systems that facilitate government management and oversight of COVID-19 recovery initiatives. However, the prevalence of outdated legacy IT continues to hamper the effectiveness of recovery efforts. Citizens are being denied positive digital government experiences as they seek access to much needed programs, such as securing business loan programs, receiving economic security paym ents, or applying for unem plo ym ent benefits.
These issues, and many other IT and cybersecurity challenges across numerous Federal agencies were recently detailed in the first report from the Pandemic Response Accountability Committee (PRAC).1 These problems are not limited to the Federal government but also extend to state, local, tribal, and territorial (SLTT) governments as well. Although these government entities, even in times of incredible duress, have performed admirably in scaling and managing the delivery and security of their IT systems, infrastructure, and services, Congress must continue to provide flexible, agile funding that can be leveraged by SLIT governments to address issues that will propagate as employees either come back to office buildings to perform their work or maintain a continued enhanced telework posture.
There are numerous options Congress can pursue in supporting effective, targeted, and appropriate funding for commercial technologies and cybersec urity capabilities that are of immediate need. As the public sector continues to address the COVID-19 pandemic, increasing economic insecurity, and broader recovery efforts at the Federal and state level, more funding will become essential at all levels of government.
In 2017, Congress enacted the Modernizing Government Technology (MGT) Act, which created a centralized "Technology Modernization Fund" (TMF) within the General Services Administration (GSA) that agencies could borrow from to effectively finance broad, government-wide IT modernization pro ject s. However, only token amounts of funding have been provided to the TMF in prior years, limiting the impact that this transformative IT financing mechanism can have across the Federal enterprise.
It was heartening to see that the House HEROES Act would provide $1,000,000,000 to the TMF, which would represent the most meaningful, centralized effort to improve agency IT systems and digital transformation in recent history. We encourage the Senate to provide the same amount, or more, to the TMF. This will enable government to quickly and effectively leverage commercial capabilities and services that are vital for maintaining operations, deprecating legacy systems, and improving the ability of agencies to manage IT resource effectively throughout changing circumstances.
One of the reasons the TMF can be particularly powerful during these unique times in agency operations is that the fund has several built-in transparency mechanisms, which include the submission of spending plans to Congress, quarterly public status reporting, and preferences for adoption of commercial capabilities. The TMF is also overseen by a Board of the government's top technology, acquisition, and financial management experts, meaning that all TMF projects pass rigorous vetting. For all of these reasons, and because such funding can enable a more immediate and credible response to COVID-19, we strongly urge your support of this key fund.
Elimination or relaxation of onerous requirements to pay back the TMF if borrowing agencies use the funding for COVID-19-related IT modernization initiatives would also spur greater utilization of TMF resources by eliminating the significant disincentive of having to accurately calculate the ability to payback any TMF loans.
The MGT Act also authorized the creation of IT working capital funds within federal agencies that were intended to provide flexibility to agencies to fund IT upgrades. However, because of issues related to the original legislative text or variances in agency authorities, such funds have not been widely implemented. As agencies deal with the critical challenges and opportunities created by the COVID-19 response and recovery, it is imperative that Congress provide necessary authorities to the requisite Federal agencies so the y can make smarter, more financially sound investments in IT modernization and cybersecurity.
It is vital Congress provide targeted funding to State, Local, Tribal, and Territorial (SLTT) governments specifically to address the incredible service delivery and cybersecurity challenges occurring beyond the Federal level. Malicious cyber actors have used attention on COVID-19 to their advantage, continuing to target SLTT government and individual citizens with ransomware, phishing, and computer-enabled financial fraud. SLTT governments are on the front lines of program delivery for key Federal assistance programs, such as unemployment insurance and ensuring citizens have access to appropriate information and resources to deal with COVID-19 related disruptions. However, many of the IT systems and websites that deliver these services are prone to numerous cybersecurity vulnerabilities, run on outdated legacy infrastructure that undermines performance, and fail to provide the ease, accuracy, and usability that citizens have come to expect in their personal lives through enhanced commercial technologies. It is critical that Congress take this unique opportunity to make evidently necessary and profoundly important investments in the modernization and security of SLTT information systems so they can protect citizen data, improve digital service delivery, and ensure that state and local governments are able to effectively and capably adjust to changing dynamics as the country continues to deal with our current and future exigent circumstances.
Federal agencies are undergoing unprecedented attacks from malicious actors. The COVID-19 pandemic has dramatically exacerbated this problem. The Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program provides critical help to agencies so they can identify potential vulnerabilities, mitigate threats, or respond to potential cybersecurity attacks. Although Congress has provided trillions of dollars in recent legislation to help agencies recover and respond to COVID-19, there has not been a corresponding investment in the CDM program and vital cybersecurity products and services it provides to agencies. Due to the dramatic increases in CDM services required of the agencies that have taken on the largest response efforts (and rightly so), there may be challenges in providing necessary cybersecurity protections to other agencies which still face elevated risks. In order to enhance effective cybersecurity across the Federal enterprise and to ensure that agency CDM requests are met, we strongly encourage Congress to provide additional funds to this vital program.
The attached document provides additional details and recommendations. We look forward to working with the Senate on this matter that directly affects pandemic response efforts and the delivery of relief to the public during this unprecedented time.
Thank you for your consideration.
Sincerely,
The Alliance for Digital Innovation
BSA I The Software Alliance
Coalition for Procurement Advocacy
CompTIA
Cybersecurity Coalition
Information Technology Industry Council (ITI)
Internet Association
1 The Pandemic Response Account ability Committee (PRAC) was created in the Coronavirus Aid, Relief, and E conomic Security Act (CARES Act), Pub. L. 116-136 §15010.
2 A copy of the letter sent to Congressional leaders on April 15, 2020 can be found here: https:/ / alhance4digitalinnovatio n.org/ wp content/ uploads/ 2020/04/ l\,1ultiassociation- Letter-to-Congres_sIT-Principles-for-Future-Stimulus-2. pdf