The top lawmakers in charge of oversight of federal agencies’ information technology want to require more collaboration from agency leaders in the creation of performance plans.
At Friday’s hearing on the Federal Information Technology Acquisition Reform Act, Reps. Gerry Connolly, D-Va., and Jody Hice, R-Ga., chairman and ranking member of the House Oversight Subcommittee on Government Operations, announced the Performance Enhancement Reform Act. The legislation would require chief performance officers to work with other top officials—like chief information and chief data officers—to prepare annual performance plans.
The bill also requires these plans to include descriptions of human capital, training, data and evidence, IT and skill sets needed to meet performance goals as well as require performance plans to include descriptions of the resources and strategies such as technology modernization investments, system upgrades, staff technology skills and expertise, and stakeholder input and feedback needed to meet performance goals.
“Today’s bipartisan legislation is an important step to catalyze collaboration across the executive suite of leaders at federal agencies,” Connolly said in a statement. “Collaboration from key stakeholders will help improve how agencies deliver critical resources to the American public.”
Hice added in the statement that time and money get wasted when agencies do not add the right expertise to the performance planning process.
“Today, with the Performance Enhancement Reform Act, we are taking a step forward in bringing the federal government into the modern era by requiring agencies to coordinate better with key agency leaders and best utilize resources when creating annual performance plans,” Hice said. “This will help maximize agency human capital, technology, and time in order to better serve American families and businesses.”
The rest of the hearing was dedicated to the eleventh FITARA scorecard, which the committee released in December. For the second time since the inception of the scorecard in 2015, every agency received a passing grade of at least a C, though five agencies’ grades dropped.
The release of the scorecard came two weeks after cybersecurity firm FireEye reported it was hacked by a nation-state in what turned out to be an intrusion affecting nine federal agencies. In the intervening months, Microsoft also found vulnerabilities in its on-premise Exchange Servers that had been exploited by an actor it believes to be state-sponsored.
This led lawmakers during the hearing to question whether agencies are doing enough work on cybersecurity. Hice asked what the committee can do to better equip Congress to recognize and deal with these kinds of problems.
“I agree that supply chain management and the risks associated are critically important to cybersecurity and our government’s operations,” Kevin Walsh, director of information technology and cybersecurity issues at the Government Accountability Office, said. “And we would love to work to explore further metrics that we can use to measure that. I think a note of caution is warranted, though, with things as secure and sensitive as that.”
Rep. Katie Porter, D-Calif., also tied cyber concerns to an ongoing argument over the Office of Management and Budget’s definition of a data center. In June 2019, the Trump administration ordered agencies to stop reporting on facilities not designed to be data centers. Walsh noted during the hearing these excluded facilities include air traffic control centers and large medical machinery that have “basically supercomputers” built in.
When Porter asked Walsh whether not tracking the 2,000 data centers excluded by the rule change could open the U.S. up to cyberattacks, Walsh said yes.
“If [OMB is] not following a statute or the defined Congressional intent that I think we need to consider legislation or even enforcement action,” Porter said.
Since the scorecard was released, the Technology Modernization Fund, which is tracked on the scorecard through the Modernizing Government Technology Act, received a major cash infusion. Through the latest COVID-19 relief bill, the American Rescue Plan Act, TMF received $1 billion.
“We look forward to engaging with the Office of Management Budget about the importance of IT modernization and this funding opportunity at the next FITARA hearing in July,” Connolly said.