WASHINGTON – U.S. Senator Jerry Moran (R-Kan.) – member of the Senate Commerce and Appropriations Committees – today spoke on the Senate floor regarding a path forward to appropriating FY2019 funding to the Technology Modernization Fund (TMF) and his ongoing efforts to bolster the transparency of the TMF, including coordinating specific information exchanges between Senate appropriators and related agencies.

Last year, Sen. Moran’s Modernizing Government Technology (MGT) Act passed the Senate as part of the FY2018 National Defense Authorization Act and the bill was subsequently signed into law in December. The MGT Act creates the TMF, a separate, centralized fund administered by the General Services Administration within the Department of the Treasury.

Click Here to Watch the Remarks

“Congress and federal agencies must work hand-in-hand to provide the necessary resources to the Technology Modernization Fund, which, used responsibly, is a vital tool for the federal government’s task of keeping our nation’s critical IT infrastructure efficient and secure,” said Sen. Moran.

Sen. Moran’s full remarks as prepared for delivery:

“Mr. President, today I wish to speak on evolving threats in cybersecurity that not only pose harm to individual Americans but also the federal agencies that are tasked with ensuring the economic and national security of our nation. In recent years, it has become clear that threats in cybersecurity are rapidly changing – cyberattacks are not only growing in volume, but also in complexity.

“As chairman of the Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security, I’ve convened hearings and publicly questioned federal agencies and private corporations alike to determine what standards and practices they have in place to better protect their customers’ personal and financial data.

“With examples of breaches exposing the personally identifiable information of tens of millions of Americans like the 2015 breach within the U.S. Office of Personnel Management, the ability to compromise data and networks in the federal government cannot be overstated. Companies must do all they can to prevent hackers from gaining access to their customers’ information. The federal government and state officials must do the same.

“Advancements in information technology, or IT, will continue to drive change in our nation’s security, economic competitiveness, communications, health care, privacy and other areas. The federal government must keep pace with these changes through nimble, expeditious and results-driven decision making. A stringent and cumbersome budgeting and acquisition process has tied the hands of federal agencies in their efforts to modernize their IT systems in an efficient fashion.

“The U.S. Government Accountability Office’s (GAO) 2015 High-Risk Series report highlighted several issues it deemed critical to improving IT acquisition. Specifically, the report stated that about 75 percent of the $80 billion the federal government spends annually on IT investments is spent operating and maintaining outdated and unsupported legacy systems – creating major cybersecurity vulnerabilities at home and abroad.

“In fact, Federal Chief Information Officer (CIO) Suzette Kent recently testified to the House Committee on Oversight and Government Reform last week, where she identified the replacement of legacy IT systems as critical to achieving stronger federal cybersecurity protections.

“With the support of the Trump administration, I partnered with Senator Tom Udall of New Mexico to introduce the Modernizing Government Technology (MGT) Act in an effort to address the foundational cybersecurity threats that outdated legacy systems in our federal agencies pose.

“The MGT Act establishes IT working capital funds at the 24 CFO Act-eligible agencies and allows them to use savings obtained through streamlining IT systems, replacing legacy products and transitioning to cloud computing for further modernization efforts for up to three years. The bill also creates the Technology Modernization Fund, a separate, centralized fund within the Department of the Treasury. These resources would be administered across the federal government by the head of the General Services Administration in consultation with a board of federal IT experts.

“It is fitting that the MGT Act was signed into law last year as part of the National Defense Authorization Act for FY2018, as cybersecurity policy is increasingly interwoven into comprehensive national security discussions.

“As contributors to the original drafting of the MGT Act, Senate appropriators demonstrated their continued support for the innovative policy by appropriating $100 million to the Technology Modernization Fund for FY2018. Of this original funding, the Technology Modernization Fund has already awarded substantial loans to applicant agencies including the Departments of Housing and Urban Development, Energy and Agriculture to replace their outdated, unsupported and vulnerable systems.

“Given these early stage successes, I was disappointed to find that the Senate Appropriations Subcommittee for Financial Services and General Government (FSGG) provided no funds for the Technology Modernization Fund in their mark for FY2019.

“After working with Subcommittee Chairman Lankford and his staff, it is clear that GSA and OMB need to provide more information on individual agency proposals submitted to and awarded by the Technology Modernization Fund. I worked with the subcommittee to include specific reporting requirements in this bill for the agencies to provide to Congress. Agency officials have been providing necessary information to appropriators since the markup of the bill. These commonsense requirements are absolutely critical and will lead to more transparency, and it is important that the GSA and OMB work closely with the Appropriations Committee on proposals moving forward. 

“Congress and federal agencies must work hand-in-hand to provide the necessary resources to the Technology Modernization Fund, which, used responsibly, is a vital tool for the federal government’s task of keeping our nation’s critical IT infrastructure efficient and secure. Inherently tied to improving our nation’s critical IT infrastructure is bolstering cybersecurity efforts to protect us from those who wish to do harm in the cyber domain. The federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities.

“One of the most well-known topics related to our nation’s cybersecurity capabilities relates to the intelligence community indicating that Russian cyber actors interfered with U.S. elections.

“These exposures threaten to compromise one of the most sacred privileges we have as Americans afforded to us in our constitutional freedom to participate in democracy through elections. Backend election systems – including voter registration databases, ballot creation systems, voting machine configuration systems, absentee processing and reporting, and tabulation software – are increasingly vulnerable and have been compromised by both private and state actors.

“While states are charged with primary responsibilities of securing their systems, the federal government can bolster those efforts through legislation like the Secure Elections Act, which I cosponsored in an effort to strengthen protections against foreign interference and prevent Russian meddling in our elections as in 2016.

“Our nation faces existential threats from adversaries such as Russia and China in a warfare we cannot see that rages in the shadows of cyberspace where cyber-attacks know no bounds – affecting our federal systems, our states, and crossing the line among numerous sectors in our nation’s critical infrastructure. As our intelligence community and other agencies analyze cyber threats – whether attacking our democracy or our critical infrastructure – it is important the federal government promptly streamline and share cybersecurity information with state, local and private sector partners. 

“Though talk of cyber threats to our state networks and critical infrastructure across all sectors continue to grow, this threat is not new and just last July we saw hackers infiltrate a network of companies that run nuclear plants in the United States, including a nuclear power plant in Burlington, Kansas. Incidentally, a cross-section of stakeholders at the state and federal levels, and among the private sector, are represented in the Kansas Intelligence Fusion Center (KIFC), which plays a critical role analyzing and comparing cyber data and intelligence among public private partners and federal agencies to identify similarities, anomalies and ways our cyber defenses can improve. 

“The Fusion Center is an analytical capability that works as an intermediary supporting companies across the United States in our financial and energy sectors, as well as our Intelligence Community and the Departments of Defense, Energy and Homeland Security. With the Fusion Center’s ability to access, analyze and transmit data at classified levels, they are able to more accurately assess cyber threats from a vantage point that private sector partners cannot. Similarly, they are able to share what they learn from cyber-attacks on private sector partners to federal agencies.

“As we look for ways to improve IT systems across the federal government, there is much to be gained from the private sector and their experience and exposure to cyber-attacks. As the Departments of Defense, Energy and Homeland Security develop an assessment of our nation’s cyber infrastructure, I hope they seek the perspective of our private sector partners that have just as much stake in protecting our cyber infrastructure across the country as in our federal government.

“We must do all we can to increase our nation’s ability to detect, prevent and respond to cybersecurity attacks, which is why fully-funding the Technology Modernization Fund is so important to bolstering an environment that incentivizes organizations to strengthen their IT systems. 

“I hope my colleagues recognize the importance of investing into defensive cybersecurity capacity and join me in supporting funding for the Technology Modernization Fund in the Financial Services and General Government Appropriations bill and supporting the Secure Elections Act.” 

# # #