OMB: Focus on cybersecurity before new projects
The Office of Management and Budget has told 18 agencies not to develop, modernize or enhance IT systems until their cybersecurity problems are fixed.
OMB administrator for IT and e-government Karen Evans today said agencies must stop layering new projects on top of vulnerable IT infrastructures, and do a better job of managing their IT portfolios.
“Agencies need to secure what they have, and if they do it efficiently, they will have remaining dollars to meet other priorities for modernization efforts,” Evans said during a press briefing on the IT budget in Washington.
“The whole premise of this is to look at your IT portfolio, don’t just look at things in segments and pieces. You have to look at what your IT program is, if you are a CIO at department level, what are you doing, how are you managing this throughout entire department, what are the priorities of the department and how to go forward. The priority of this administration is cybersecurity.”
The 18 agencies have requested $8.1 billion for fiscal 2005 and plan to spend $8.5 billion in 2004 on development, modernization and enhancement efforts. Evans said agencies could fix their cybersecurity problems by using this money, which does not include funds for general systems operations and maintenance.
Eight agencies—the Commerce, Defense and Energy departments and Environmental Protection Agency, NASA, National Science Foundation, Nuclear Regulatory Commission and Office of Personnel Management—are exempt from this requirement because OMB determined that they have good security programs.
“If it only takes $1 million to remediate their IT security problems, they would discuss it with us and clearly demonstrate they have shown progress in their cybersecurity programs so that we have confidence they can achieve the goals outlined in their cybersecurity program,” Evans said. “And then the rest of the money is allowed for them to go forward with their development and modernization efforts they outlined.”
OMB also is putting a hold on development and modernization efforts for human resources, financial and grants management systems. Evans said agencies requested $266 million for grants systems; $1.78 billion for financial management systems; and $391 million for HR systems in 2004 and 2005.
“We are not telling agencies to stop implementing HR or financial systems if they are close, but if the systems are in the beginning stages of planning, they should see if they can use the money for a common solution,” Evans said. “For those agencies about to implement a system, they have to add a clause to the contract that says this system will be migrated to the common solution when it is defined.”
OMB director Joshua Bolten will send a letter to agency heads later this month creating an interagency task force for HR and grants efforts. OMB already created a task force for financial systems, case management and health architecture, which are the other lines of business consolidation projects OMB is working on.
“The task force will make policy recommendations and work with industry to get their input on implementing a common solution,” Evans said. “We want the task forces to focus on standards, architecture and potential cost savings.”
Connect with the GCN staff on Twitter @GCNtech.