Gene Dodaro, U.S. Comptroller General and head of the Government Accountability Office (GAO), told the House Appropriations Committee’s subcommittee on the Legislative Branch today that the double-digit annual budget increase for GAO proposed in the Biden administration’s FY 2023 budget request will help the agency expand its oversight of a host of cybersecurity and technology-related areas.
The FY2023 budget request seeks a 12.7 percent funding increase for GAO, to $810 million over the FY2022 enacted level. That funding would allow the agency to increase its full-time equivalent workforce to 3,500 people – from about 3,400 currently – and help with additional oversight requests from Congress, and in particular with Federal infrastructure spending in the $1.2 trillion Infrastructure Investment and Jobs Act approved in November 2021.
Dodaro said the increased funding would also help the agency in its already wide-ranging work on cybersecurity and technology issues.
On the cybersecurity front, Dodaro reiterated that cybersecurity has been on GAO’s High Risk List across the government since 1997, with critical infrastructure protection added to that list in 2003.
“My opinion is we are still not acting at a pace commensurate with the evolving great threat to our national security” in critical infrastructure protection, he said, adding, “so I’d like to beef up our cybersecurity work.”
“We’re getting inundated with requests from the Congress, particularly now that concern has been growing” with critical infrastructure protection area and other areas like defense weapons systems, he said. “It’s not just information systems, it’s the functioning of all the Federal government’s operations.”
Dodaro said GAO plans to “continue to expand its expertise and ability to assess the cybersecurity challenges facing the nation.”
“With this expanded capacity, we will assess Federal efforts to establish and implement a national cyber strategy, enhance the agencies’ response to cyber incidents, and improve cyber threat information sharing with critical infrastructure owners and operations,” along with assessing government efforts to help critical infrastructure sectors improve their security, he testified.
“Finally, we will examine the Department of Defense’s (DoD) ability to detect and counter cyber threats, build and maintain its cyber workforce, and meet the challenge of cyber issues in the broader environment, including global dynamics and competition in space,” he said.
Dodaro also emphasized that the budget request would help the agency with a long list of priorities including “rapidly evolving science and technology issues” handled by its Science, Technology Assessment, and Analytics (STAA) team, and its associated GAO Innovation Lab.
He highlighted several areas of the STAA’s work, including assessments that have looked at forensic algorithms, quantum computing and communications, block chain technology, and uses of artificial intelligence (AI) technologies.
He also said the funding request will help GAO execute on its own IT modernization plans that includes a continuing shift of the majority of operations to cloud computing.
“Doing so will allow us to take advantage of enhanced capabilities through on-demand infrastructure and greater access to innovative technology provided by cloud vendors,” he said.
“The target state within this strategy is an enterprise IT architecture modernization that provides enterprise-class computing capabilities, scalability, security, and resiliency,” Dodaro said. “IT modernization will also reduce capital expenditures in the long term, make operating costs more predictable, and support Federal Cloud Smart policy.”
Dodaro told the subcommittee that GAO’s work over the years has saved the government billions of dollars, and he reckoned that the agency’s actions have produced a return on investment for the government of $158 for every $1 spent by the agency on its activities.
