National Cybersecurity Awareness Month is a good time to look back and to note candidly where more effort is needed to improve cyber risk management. While it is a strong champion for this cause, the U.S. federal government has itself faced significant challenges in securing information technology systems in the wake of the 2015 Office of Personnel Management breach. To date, the funding mechanisms used by the government have complicated efforts to shift resources away from maintenance of legacy systems in favor of investments in newer, more secure technologies. Now, there are new and hopeful signs that both Republicans and Democrats can work together on a plan to help modernize the federal government’s IT infrastructure.
Chairman Will Hurd (R-TX), Congressmen Steny Hoyer (D-MD) and Jerry Connolly (D-VA) successfully combined two innovative mechanisms to improve federal technology procurement into a single bill—the Modernizing Government Technology Act of 2016—that recently passed the House of Representatives. If passed by the Senate and signed by the President, the legislation would:
- Establish a centralized IT Modernization Fund based on the White House’s Cybersecurity National Action Plan. Agencies would compete for access to the funds based on demonstrated future savings and security enhancements. Upon repayment, other agencies would then be able to pursue similar opportunities.
- Enable agencies to act on their own to reprogram money designated for operation and maintenance of expensive, insecure legacy systems. This idea preserves the autonomy of the agency leadership to redirect funds towards projects that make more sense in the long-term.
Both ideas will accelerate a pivot away from outmoded legacy systems to modernized solutions, which should cut costs, improve security and boost operational efficiency. In combination, they will move the federal government beyond from the status quo where nearly 80% of IT spending is used to maintain aging, insecure, and expensive legacy federal IT systems.
The US government will benefit significantly from this new bipartisan proposal. Federal systems currently in use are increasingly at risk of cyber-attacks and theft of sensitive personal data. They can and should be replaced with technology built on cloud-based, shared service models. The modernization of IT systems across the federal government enabled by this legislation will deliver cost savings, security enhancements, and improvements in the quality of citizen services. We appreciate the leadership of Mr. Hurd, Hoyer and Connolly, and will work with them to advance these important ideas.
I invite you to also check the Security Blog regularly throughout Cyber Security Awareness Month as we cover weekly topics that will provide insights about security, safety, and privacy. You can learn more about National Cyber Security Awareness Month in the US, and European CyberSecMonth across the European Union, as well as other corresponding cybersecurity advocacy campaigns around the world. Join the National Cyber Security Month conversation on Twitter @CiscoSecurity #CyberAware
Here is article about the bill passing the US House of Representatives: https://fcw.com/articles/2016/09/22/mgt-act-passes-house.aspx
Here is a piece by a colleague of mine also supportive of the bill:
https://fcw.com/articles/2016/10/21/balutis-mgt-congress.aspx
This legislation did pass into law as part of the FY18 National Defense Authorization Bill. Congratulations to all of its sponsors and proponents. The next steps should be to: 1) establish the working capital funds in the agencies; 2) inventory aging legacy technology with an eye towards identifying any product or service that cannot be patched—e.g., beyond its supported lifecycle; and 3) use the new funding flexibility to afforded by the working capital funds to pivot towards modern, supported, cloud-based technologies that will be more secure, efficient, and effective. We also need Congress to circle back and appropriate the $250m authorized for the purpose of setting up the centralized Technology Modernization Fund.