While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
One of the most noteworthy aspects of President Barack Obama’s fiscal 2017 budget proposal, at least from a federal technology perspective, is a $3.1 billion revolving fund to modernize federal IT systems.
However, it’s not a foregone conclusion that the Republican-controlled Congress will wind up appropriating the money for the fund, even though administration officials, including federal CIO Tony Scott, have been lobbying for it for months, noting that it should be a nonpartisan issue.
The administration’s national cybersecurity plan, unveiled with the budget in February, pushes agencies to evaluate their vulnerable IT infrastructure. The fund, officially dubbed the “Information Technology Modernization Fund,” or ITMF, is designed to accelerate the adoption of more modern systems and is part of the president's Cybersecurity National Action Plan. The ITMF is also intended to be self-sustaining. Scott said in February that “as agencies adopt these more modern technologies and more cost-effective ways of doing things” they could pay back into the fund to support more modernizations.
In early April, the White House proposed legislation to create the ITMF, which would be administered by the General Services Administration (GSA). That decision came several weeks after the House Budget Committee rejected an amendment for the fund as part of a vote on the House’s fiscal 2017 budget resolution.
The administration argues that while it has made progress on updating legacy IT systems, more work remains to be done, as older systems are vulnerable to cyberattacks and more difficult to protect. “A comprehensive review last year of Federal cybersecurity found that government relies on legacy systems, software, applications, and infrastructure, which are harder to defend against sophisticated actors and less cost-effective,” Scott says in a White House blog post. “Currently, civilian agencies spend 71 percent ($36 billion) of their IT budget to maintain legacy IT investments, which limits funding for the development of more secure and efficient technology solutions.”
Under the proposed legislation for the fund, H.R. 4897, an independent board of experts would, Scott says, “identify the highest-priority projects across government,” ensuring that the “most pressing and highest-risk systems are targeted for replacement.” The board will also “identify opportunities to replace multiple legacy systems with a smaller number of common platforms, facilitating a Government-wide transition to common platforms and re-engineered business practices.”
Scott says that since the fund will require agencies to repay funds they receive, “ITMF is not only self-sustaining, but also can continue to support modernization projects well beyond the initial infusion of capital.” He says the initial $3.1 billion in funding will “address at least $12 billion in modernization projects over the first 10 years and will continue to remain available into the future.”
IT acquisition and development experts at the GSA, Scott says, will give agencies “integrated modernization expertise to agencies” as they update their systems. As FierceGovernmentIT has reported, under Scott’s vision for the fund, “agencies would pitch their modernization plan to the GSA program office in an effort to gain funding. Investment from the revolving fund would be provided incrementally, as modernization projects hit major milestones. Conversely, if deliverables are not met, funding will not be awarded.”
One goal of the fund, according to Scott’s blog post, is also to “replace multiple legacy systems with a smaller number of common platforms — something that is difficult for agencies, acting on their own with limited insight into other agencies’ operations, to do. As a result, the ITMF will facilitate a transition to common platforms and re-engineered business practices across Government.” Scott says this will reduce risks and save money, among other benefits.
“By establishing a central fund that agencies must apply to and compete for, the legislative proposal will provide strong incentives for agencies to develop comprehensive, high-quality modernization plans,” Scott says in the post. “Additionally, stable funding allows for long-term thinking and shorter development times, rather than costly one-off fixes.”
Scott argued that the fund “fundamentally changes the way appropriations are done for information systems in the federal government,” according to an FCW account of an April 25 event at the Institute for Critical Infrastructure Technology's Critical Infrastructure Forum in Arlington, Va.,
Lawmakers in late February expressed skepticism about the proposed fund, FCW reported, wondering how the GSA arrived at the $3.1 billion figure and whether agencies would use the fund to avoid the appropriations process.
"Ultimately, since it is a one-time request, I believe the thought is that we can define it as a one-time request and have it come forward and then have it as a revolving fund," GSA Administrator Denise Turner Roth said during a Feb. 29 hearing of the House Appropriations Committee's Financial Services and General Government Subcommittee, according to FierceGovernmentIT.
Ray Bjorklund, a former federal program manager and policy officer who is now a consultant with market research firm BirchGrove Consulting, told FedTech in an interview that he was not certain the fund would get congressional backing.
“There is a lot of merit in the way the commercial marketplace does this kind of thing, where they make investments, and it’s the concept of spending money to save money later,” he says. “But that’s a real, real bitter pill for Congress to swallow. They’ve always been very uncomfortable with appropriating, or even authorizing in this case, such a high level of authority for contingencies in the future.”
Bjorklund says the size of the proposed fund might be spooking lawmakers. He also notes that many federal agencies already have line items in their budgets for purchasing IT infrastructure.
Additionally, Bjorklund says he is skeptical that GSA will be able to bring together the IT acquisition, agile development and cybersecurity experts to evaluate agencies’ modernization proposals. He also says that the structure of the proposed fund, and the fact that agencies would need to get permission from the GSA to get funding, would likely impede agencies’ procurement.