Summary: Building on efforts to boost Federal cybersecurity and as part of National Cybersecurity Awareness Month, today we’re releasing proposed guidance to modernize Federal IT.
America’s spirit of ingenuity and entrepreneurship created the world’s most innovative economy and keeps us dominant in today’s digital age. Indeed, in 1985 about 2,000 people used the Internet; today, 3.2 billion people do. What started out as a useful tool for a few is now a necessity for all of us—as essential for connecting people, goods, and services as the airplane or automobile.
Without doubt, modern technology has created great opportunities for innovation and advancement. But, in a world that is increasingly connected by technology, with greater opportunity comes greater risk. That’s true for major companies, and it’s certainly true for the Federal government. Many Federal departments and agencies rely on aging computer systems and networks running on outdated hardware and infrastructure that are expensive to operate and difficult to defend against modern cyber threats. Of the $82 billion in Federal IT spending planned for 2017, approximately 78 percent ($63 billion) is dedicated to maintaining legacy IT investments. As more and more data is stored online, the need to protect against the adverse consequences of malicious cyber activity becomes more pressing each year.
The Federal Government has a unique obligation to protect the information entrusted to it by the American people. That’s why the President has leveraged cutting-edge technologies to modernize Government and strengthen Federal cybersecurity. We’re deploying tools like the Department of Homeland Security’s EINSTEIN to detect and block cyber threats before they can impact Federal agencies. We’ve dramatically accelerated the use of multi-factor authentication to reduce the risk of adversaries penetrating networks and systems. And as part of his Cybersecurity National Action Plan and supported by the FY 2017 Budget, earlier this year the President proposed a $3.1 billion IT Modernization Fund (ITMF) to kick-start an overhaul of the Federal Government’s antiquated IT systems and transition to new, more secure, efficient, modern IT systems.
Today, we are continuing that effort by releasing proposed guidance for public comment that establishes a series of actions for Federal agencies to identify and prioritize IT systems in need of upgrades.
Over the years, agency efforts to modernize existing IT systems have faced substantial challenges. The high costs, lack of funding, and risks associated with modernization efforts, combined with the increasing cost to maintain existing systems, harm agencies’ ability to manage their IT systems strategically and deliver the functionality needed to achieve their missions. Furthermore, operational risks arise when these systems cannot adapt to current or expected mission requirements, user needs, or operating environments, or are no longer cost justifiable. Modernization would improve the ability of these systems to deliver the necessary levels of functionality, security, and efficiency to satisfy and secure the needs of agency users, stakeholders, and the American public.
Today’s proposed guidance starts down this path by asking agencies to develop and implement targeted modernization plans for specific high-risk, high-priority systems, in four phases:
- Development of updated Enterprise Roadmaps. Every year, agencies are required to submit to OMB strategic plans (or “Enterprise Roadmaps”) on the current and future state of their business and technology portfolios. As part of this year’s submission, agencies were asked to apply a particular focus that targets opportunities (including through shared services or cloud services) to modernize investments within their IT portfolios and reduce legacy IT spending.
- Identification and prioritization of systems. Agencies will be required to identify and prioritize their information systems for modernization using criteria established by OMB (with the assistance of the General Services Administration). Using the established criteria will provide uniformity across the Government; the criteria are based on security risks, operational risks, business suitability, modernization impact, and ability to execute.
- Development of modernization profiles for high-priority systems. Based on the evaluation discussed in the previous phase, agencies will be required to submit to OMB modernization profiles of systems that have been prioritized for modernization, retirement, or replacement.
- Execution. Modernization profiles will inform agencies’ regular budget planning processes. In addition, contingent upon congressional approval, funding provided could be used to supplement and accelerate modernization efforts proposed in agency budget submissions.
Moving the Federal Government to modern infrastructure, such as cloud-based solutions, is a fundamental necessity to building a digital government that is responsive to citizen needs and secure by design. Doing so will enhance agencies’ ability to protect sensitive data, reduce costs, and deliver world-class services to the public. No one change is the silver bullet, however. Rather, this is a sustained effort that will ensure the Federal government can best serve the American people in the 21st century.
The public will have 30 days to submit input and help us create the foundation for a more modern government. So join us and provide your thoughts on the proposed guidance HERE.
Tony Scott is the U.S. Chief Information Officer.
- FACT SHEET: Cybersecurity National Action Plan
- FACT SHEET: Strengthening and Enhancing Federal Cybersecurity for the 21st Century
- FACT SHEET: Administration Cybersecurity Efforts 2015
- FACT SHEET: Enhancing and Strengthening the Federal Government’s Cybersecurity
- FACT SHEET: White House Summit on Cybersecurity and Consumer Protection
- FACT SHEET: FY 2016 Budget – Cybersecurity
This post was originally published on the OMB blog.