Improving and Modernizing Federal Cybersecurity

Today, as laid out in the President’s Cybersecurity National Action Plan (CNAP), the Administration proposed legislation to establish a $3.1 billion Information Technology Modernization Fund (ITMF) to further improve our nation’s cybersecurity and retire, replace, and modernize the Federal Government’s information technology (IT) legacy systems, which are costly to maintain and difficult to secure.

Over the last seven years, the President has made clear that cybersecurity is one of the most important challenges we face as a Nation, including strengthening the cybersecurity of Federal networks, systems, and data.  In recognition of those challenges, in 2015 for example, Federal agencies bolstered their cybersecurity and further secured Federal information systems by patching critical vulnerabilities; identifying high-value assets; limiting the number of privileged users with access to authorized systems; and nearly doubling the use of strong authentication for all users from 42 percent to 81 percent.

While the Federal Government has made significant progress in improving its cybersecurity capabilities, more work remains.  A comprehensive review last year of Federal cybersecurity found that government relies on legacy systems, software, applications, and infrastructure, which are harder to defend against sophisticated actors and less cost-effective.  Currently, civilian agencies spend 71 percent ($36 billion) of their IT budget to maintain legacy IT investments, which limits funding for the development of more secure and efficient technology solutions. 

To address these and other challenges, earlier this year the President directed his Administration to implement the CNAP – a capstone of more than seven years of determined efforts – that takes near-term actions and puts in place a long-term strategy to ensure the Federal Government, the private sector, and American citizens can take better control of our digital security.  As outlined in the CNAP and supported by the President’s 2017 Budget, the proposed ITMF, to be administered by the General Services Administration, will fund the transition to more secure and efficient modern IT systems and infrastructure, while also establishing a self-sustaining mechanism for Federal agencies to regularly refresh their IT systems based on up-to-date technologies and best practices.

More specifically, the ITMF legislative proposal addresses the challenges associated with legacy IT in a number of unique ways:

• Government-Wide Prioritization.  An independent board of experts will identify the highest-priority projects across government, ensuring that the Federal Government’s most pressing and highest-risk systems are targeted for replacement. In addition, the board will identify opportunities to replace multiple legacy systems with a smaller number of common platforms, facilitating a Government-wide transition to common platforms and re-engineered business practices.
• Self-Sustaining.  Requiring agencies to repay funds will ensure the ITMF is not only self-sustaining, but also can continue to support modernization projects well beyond the initial infusion of capital.  As a result, $3.1 billion in seed funding for fiscal year 2017 will address at least $12 billion in modernization projects over the first 10 years and will continue to remain available into the future.
• Expert Management.  Experts in IT acquisition and development at the General Services Administration will provide integrated modernization expertise to agencies in implementing their modernization plans.  Every investment that receives funding will benefit from centralized oversight and expertise, increasing the probability of success.
• Transitioning to Common Platforms.  By collecting modernization proposals from many agencies, the board can identify opportunities to replace multiple legacy systems with a smaller number of common platforms – something that is difficult for agencies, acting on their own with limited insight into other agencies’ operations, to do. As a result, the ITMF will facilitate a transition to common platforms and re-engineered business practices across Government. This will both reduce risks and save money.
• Strong Incentives.  By establishing a central fund that agencies must apply to and compete for, the legislative proposal will provide strong incentives for agencies to develop comprehensive, high-quality modernization plans. Additionally, stable funding allows for long-term thinking and shorter development times, rather than costly one-off fixes.

Ultimately, retiring or modernizing vulnerable and inefficient legacy IT systems will not only make us more secure, it will also save money.  As a means of addressing these pressing challenges, the ITMF is an important first step in changing the way the Federal Government manages its IT portfolio.  We look forward to working with Congress to drive these innovative approaches and further enhance agencies’ ability to protect sensitive data, reduce costs, and deliver world-class services to the public.

Tony Scott is the United States Chief Information Officer.