Making progress with the critical mission of modernizing federal IT

Making progress with the critical mission of modernizing federal IT
© Getty Images

We may well remember 2017 as the year the government finally sent a strong message on the importance of modernizing federal IT. The message is bolstered by funding to which Congress and the Trump administration agreed. Rep. Will HurdWilliam Ballard HurdWhite House, GOP defend Trump emergency declaration GOP rep: Trump emergency declaration puts US in 'uncharted territory' Immigration groups press for pairing Dreamer benefits with border security MORE (R-Texas) is the principal architect and lead advocate of the congressional effort, with sustained support from Reps. Robin KellyRobin Lynne KellyWorries mount as cybersecurity agency struggles amid shutdown Hillicon Valley: Apple cutting iPhone production | Senior citizens more likely to share fake news on Facebook | Graham says AG nominee will let Mueller finish probe | Dems warn shutdown hurting IT recruitment Hillicon Valley: Marriott cuts breach estimates, but says millions of passports exposed | Los Angeles sues Weather Channel app over data collection | Bill would create office to fight Chinese threats to US tech | German politicians hit by major breach MORE (D-Ill.) and Gerry ConnollyGerald (Gerry) Edward ConnollyDem rep hopes Omar can be 'mentored,' remain on Foreign Affairs panel Fairfax removed from leadership post in lieutenant governors group Virginia Legislative Black Caucus calls on Fairfax to step down MORE (D-Va).

Hurd’s Modernizing Government Technology Act, part of the 2018 National Defense Authorization Act recently signed into law, was the vehicle that advanced the modernization objective, establishing a $500 million central modernization fund that agencies can borrow against to update legacy systems, as well as working capital funds they can use for future modernization projects. This bipartisan bill is one of the largest IT reform packages passed in decades, and it enables federal agencies to retire, replace and modernize outdated IT systems.

ADVERTISEMENT
Yet Congress was not the only significant player in IT modernization. As Morgan Chalfant of The Hill recently wrote, OMB issued formal guidance to federal agencies on implementing part of the White House’s initiative to modernize information technology across the federal government.

 

The administration also staked out a thoughtful position in its IT Modernization Report released in December. Called for by President TrumpDonald John TrumpMcCabe says he was fired because he 'opened a case against' Trump McCabe: Trump said 'I don't care, I believe Putin' when confronted with US intel on North Korea McCabe: Trump talked to me about his election victory during 'bizarre' job interview MORE’s executive order on cybersecurity in May, the report outlines a plan to move the country toward a more secure future and emphasizes the importance of endpoint security. It recognizes our past over-reliance on network-level defense, an approach that has limited the overall security posture of the U.S. government and has made the transition to the cloud more difficult. The report also focuses on the importance of protecting data where it is processed.

Like the executive order on cybersecurity, the modernization report emphasizes the importance of agency leaders truly owning and being accountable for IT and cybersecurity outcomes. The report also focuses on the need to have all departments align around an enterprise architecture to further drive economies of scale.

Other salient points that set the right course for cybersecurity modernization:

  • Proper "cyber hygiene" is as critical to an organization’s security as brushing one’s teeth is to dental health: it simply must be done. Any plans to modernize federal IT must include a serious focus on operational maintenance.
  • Federal organizations can’t be expected to do everything themselves. They’ll have to use shared services, including migration to the cloud, and agencies will need to be flexible.
  • The public and private sectors alike need to consider the effects of quantum computing on data security. Algorithms such as RSA, used to encrypt and decrypt messages, will not be safe once quantum computers are available.
  • Organizations need interoperable security tools to protect against threats. As cybersecurity solutions become interoperable, they become more efficient and cost-effective. They are also easier to maintain than an IT environment of disparate systems.   
  • Finally, and very importantly, there’s a great need for an updated acquisition process, which will enable federal agencies to keep their cybersecurity solutions up-to-date so the government can address adversaries’ constantly changing techniques and tactics. That means adopting flexible procurement rules for software to upgrade programs.

As the government moves forward, we encourage collaboration with the private sector to realize a truly modernized, open and interoperable cybersecurity ecosystem. It is the industry’s shared responsibility to support modernization initiatives, continue to work with agencies to help the government strengthen its cybersecurity posture, and work with policymakers to develop initiatives that will ease the transition.

Tom Gann is chief public policy officer at McAfee, where he manages the company’s U.S. and international advocacy activities.