Making modernization happen

Now more than ever before, comprehensive IT modernization for federal agencies is a real possibility. The question that remains is whether President Donald Trump's words and actions during his first months in office will be sustained by the administration and Congress in the months and years ahead.

President Trump steps up on cybersecurity

Beginning shortly after inauguration day, rumors floated around the Beltway and in technology circles about a looming cybersecurity executive order. The order, which was ultimately signed in May, requires federal agencies to use the NIST Cybersecurity Framework, promotes risk management as a governmentwide enterprise effort and pushes agencies toward shared services, including cloud computing – all of which are extremely positive developments for IT modernization and security. As the intelligence community's experiences with the cloud have shown, greater use of the cloud will allow federal agencies to achieve a more secure, scalable computing environment, and will in the long run be the best deal for taxpayers.

We saw further indication of the Trump administration's desire to prioritize federal IT modernization in April when the White House established the American Technology Council. This council will focus on improving how citizens use technology to interact with the government, in part by modernizing government systems and websites.

President Trump has personally given voice to the need for IT modernization, telling business leaders that his administration plans a "massive program to modernize" government computer systems. Citing the high cost of simply maintaining current systems, the president indicated to these executives that it would be better for the taxpayers to buy entirely new systems, and he speculated that the government should be prepared to start spending as much as $10 billion to modernize.

Those words were followed up by Trump's proposed FY 2018 budget that included $228 million designated for IT modernization. Of course, this is just an opening bid in Washington's annual budget process, which will continue through the fall. Congress, which has the responsibility for actually appropriating money, still must fund the request. 

While some have complained that this $228 million request was nowhere near the $10 billion the president speculated about previously, it is a step forward for IT modernization, and it is consistent with one of the sections in the proposed Modernizing Government Technology Act pending in Congress. Overall, the MGT legislation has the potential to provide far greater future support for federal IT modernization, beyond the amount proposed by the president.

The critical long-term role of the MGT Act

The MGT bill, which has already been approved unanimously by the U.S. House of Representatives, would authorize creation of a $250 million annual central revolving fund to help transition agency legacy systems to managed services, including the cloud. The president's FY 2018 budget proposal closely tracks this figure. But the MGT legislation would also incentivize agencies to find savings through modernization by authorizing them to establish their own revolving funds with savings from IT upgrades. These savings could then be reinvested in further agency IT modernization projects. Such agency-level revolving funds hold the potential for significantly greater longer-term investments, making total federal spending for IT modernization much higher than the initial amount shown in the President's FY 2018 budget. 

I am convinced the White House's proposed funding for IT modernization, coupled with the potential investments envisioned by the MGT Act, will enable government agencies to better pursue more secure and cost-effective shared IT services, including cloud computing, as called for by President Trump's cybersecurity executive order.

The public cloud is key to federal IT modernization

Keep in mind why this effort is needed. While the federal government spends at least $80 billion each year on information technology, more than 75 percent of this amount is spent simply maintaining legacy systems, which are inherently and increasingly less secure. That leaves less than a quarter of the IT budget for modernization via the acquisition of new, more secure capabilities such as the public cloud, which I believe to be a keystone for federal IT modernization efforts.

This failure to modernize federal IT systems has exposed all such systems to the possibility of a major attack. Let's not forget the massive OPM breach discovered in 2015 had its roots in legacy IT system vulnerabilities. As a result of that breach, millions of current and former federal employees, and others, had their data exposed. Last year, I testified at one of many congressional hearings where congressional and executive branch officials vowed that steps must be taken to ensure such attacks and exposure of personal information does not happen again. 

Long-term IT modernization will take sustained political support (and funding)

Now here's a chance to back these words with actions. First, Congress should swiftly pass the Modernizing Government Technology Act. Second, it should fully fund the president's request for IT modernization this year. Third, the president and Congress should be prepared to provide the continued direction and funding needed in future years to sustain this effort to constantly assess, update and secure government systems.

Let's not fall back into the trap of "it's still running, so it doesn't need updating." We can pay now for IT modernization, or we will surely pay more later, and in so many ways.