Funding bill extends TMF and cyber measures through September

The funding package released Tuesday morning extends authorization for the lapsed Technology Modernization Fund and several cybersecurity statutes through the end of the 2026 fiscal year in September. 

Congressional authorization for the Technology Modernization Fund expired over a month ago, leaving its leadership unable to make new investments into technology modernization projects. If the conferenced funding bill released Tuesday by House and Senate appropriators is passed into law, TMF’s authorization will extend through Sept. 30.

"This will give GSA additional time to partner with agencies, accept new proposals, and invest in high-impact projects that strengthen security, reliability, and efficiency for taxpayers, while Congress works toward a longer-term reauthorization," TMF Acting Executive Director Jessie Posilkin told Nextgov/FCW in a statement, calling the reauthorization a "strong vote of confidence and a clear sign of the bipartisan support behind the TMF."

Since creating the TMF in 2017, lawmakers haven’t consistently put money into the revolving fund, even though the fund has bipartisan support. 

The TMF is meant to be sustained by repayments from agencies — a premise that hasn’t always worked, as some projects may not yield savings. The Biden administration temporarily lowered repayment requirements, in part to respond to cybersecurity threats, although the Trump administration is now requiring 100% repayments in most cases. 

The Trump administration has been pushing Congress to reauthorize the fund, which also received a $5 million plus-up in another funding bill released by lawmakers last week and passed by the House.

The minibus also extends some major cybersecurity statutes through Sept. 30 of this year.

The 2015 Cybersecurity Information Sharing Act initially expired when federal funding lapsed last year, but it was given a temporary reprieve when the government reopened in November. The statute permits private sector firms to transmit cyber threat intelligence to government agencies like the FBI and NSA with certain legal protections in place.

The House and Senate have been working through their own versions of a CISA 2015 extension, though the package, if passed, would give them more time to reconcile. Lawmakers in both the House and Senate have different visions regarding the specifics of a longer-term extension for the data-sharing law.

Also included in the FY26 funding package is an extension of the State and Local Cybersecurity Grant Program. State and local governments have highly favored the program, a $1 billion initiative, since its initial funding through the 2021 Biden-era infrastructure law.

The funding package extension timeline was also applied to the National Cybersecurity Protection System. The intrusion detection framework, which monitors U.S. federal civilian network traffic for known threats, alerts agencies to potential cyberattacks, and includes prevention and information-sharing capabilities to shield government IT infrastructure from hackers.

“Reauthorizing the Technology Modernization Fund and the State and Local Cyber Grant Program for the rest of the fiscal year allows the government to invest money in new technology modernization and cyber security projects at the federal and state level while we work on more permanent, longer term reauthorizations and funding,” Ross Nodurft, executive director of the Alliance for Digital Innovation, a trade group of commercial technology companies, told Nextgov/FCW in a statement.

Editor's note: This article has been updated to include a comment from the TMF's acting executive director.