We may well remember 2017 as the year the government finally sent a strong message on the importance of modernizing federal IT. The message is bolstered by funding to which Congress and the Trump administration agreed. Rep. Will Hurd (R-Texas) is the principal architect and lead advocate of the congressional effort, with sustained support from Reps. Robin Kelly (D-Ill.) and Gerry Connolly (D-Va.).
Hurd’s Modernizing Government Technology Act, part of the 2018 National Defense Authorization Act recently signed into law, was the vehicle that advanced the modernization objective, establishing a $500 million central modernization fund that agencies can borrow against to update legacy systems, as well as working capital funds they can use for future modernization projects. This bipartisan bill is one of the largest IT reform packages passed in decades, and it enables federal agencies to retire, replace and modernize outdated IT systems.
Yet Congress was not the only significant player in IT modernization. As Morgan Chalfant of The Hill recently wrote, OMB issued formal guidance to federal agencies on implementing part of the White House’s initiative to modernize information technology across the federal government.
The administration also staked out a thoughtful position in its IT Modernization Report released in December. Called for by President Trump’s executive order on cybersecurity in May, the report outlines a plan to move the country toward a more secure future and emphasizes the importance of endpoint security. It recognizes our past over-reliance on network-level defense, an approach that has limited the overall security posture of the U.S. government and has made the transition to the cloud more difficult. The report also focuses on the importance of protecting data where it is processed.
Like the executive order on cybersecurity, the modernization report emphasizes the importance of agency leaders truly owning and being accountable for IT and cybersecurity outcomes. The report also focuses on the need to have all departments align around an enterprise architecture to further drive economies of scale.
Other salient points that set the right course for cybersecurity modernization:
- Proper “cyber hygiene” is as critical to an organization’s security as brushing one’s teeth is to dental health: it simply must be done. Any plans to modernize federal IT must include a serious focus on operational maintenance.
- Federal organizations can’t be expected to do everything themselves. They’ll have to use shared services, including migration to the cloud, and agencies will need to be flexible.
- The public and private sectors alike need to consider the effects of quantum computing on data security. Algorithms such as RSA, used to encrypt and decrypt messages, will not be safe once quantum computers are available.
- Organizations need interoperable security tools to protect against threats. As cybersecurity solutions become interoperable, they become more efficient and cost-effective. They are also easier to maintain than an IT environment of disparate systems.
- Finally, and very importantly, there’s a great need for an updated acquisition process, which will enable federal agencies to keep their cybersecurity solutions up-to-date so the government can address adversaries’ constantly changing techniques and tactics. That means adopting flexible procurement rules for software to upgrade programs.
As the government moves forward, we encourage collaboration with the private sector to realize a truly modernized, open and interoperable cybersecurity ecosystem. It is the industry’s shared responsibility to support modernization initiatives, continue to work with agencies to help the government strengthen its cybersecurity posture, and work with policymakers to develop initiatives that will ease the transition.
Tom Gann is chief public policy officer at McAfee, where he manages the company’s U.S. and international advocacy activities.