Today, as laid out in the President’s Cybersecurity National Action Plan (CNAP), the Administration proposed legislation to establish a $3.1 billion Information Technology Modernization Fund (ITMF) to further improve our nation’s cybersecurity and retire, replace, and modernize the Federal Government’s information technology (IT) legacy systems, which are costly to maintain and difficult to secure.
Over the last seven years, the President has made clear that cybersecurity is one of the most important challenges we face as a Nation, including strengthening the cybersecurity of Federal networks, systems, and data. In recognition of those challenges, in 2015 for example, Federal agencies bolstered their cybersecurity and further secured Federal information systems by patching critical vulnerabilities; identifying high-value assets; limiting the number of privileged users with access to authorized systems; and nearly doubling the use of strong authentication for all users from 42 percent to 81 percent.
While the Federal Government has made significant progress in improving its cybersecurity capabilities, more work remains. A comprehensive review last year of Federal cybersecurity found that government relies on legacy systems, software, applications, and infrastructure, which are harder to defend against sophisticated actors and less cost-effective. Currently, civilian agencies spend 71 percent ($36 billion) of their IT budget to maintain legacy IT investments, which limits funding for the development of more secure and efficient technology solutions.
To address these and other challenges, earlier this year the President directed his Administration to implement the CNAP – a capstone of more than seven years of determined efforts – that takes near-term actions and puts in place a long-term strategy to ensure the Federal Government, the private sector, and American citizens can take better control of our digital security. As outlined in the CNAP and supported by the President’s 2017 Budget, the proposed ITMF, to be administered by the General Services Administration, will fund the transition to more secure and efficient modern IT systems and infrastructure, while also establishing a self-sustaining mechanism for Federal agencies to regularly refresh their IT systems based on up-to-date technologies and best practices.
More specifically, the ITMF legislative proposal addresses the challenges associated with legacy IT in a number of unique ways:
Ultimately, retiring or modernizing vulnerable and inefficient legacy IT systems will not only make us more secure, it will also save money. As a means of addressing these pressing challenges, the ITMF is an important first step in changing the way the Federal Government manages its IT portfolio. We look forward to working with Congress to drive these innovative approaches and further enhance agencies’ ability to protect sensitive data, reduce costs, and deliver world-class services to the public.
Tony Scott is the United States Chief Information Officer.