Graves: When MGT passes, modernization plans are ready

Margie Graves

Modernization is more than just a buzzword. According to acting federal CIO Margie Graves, it’s a crucial strategy that will help protect critical infrastructure.

“We are closer than we’ve ever been before, I think, to putting all of the pieces and parts of effective IT modernization in place," Graves said at the Oct. 18 CyberTalks conference in Washington, D.C. "That includes funding strategies, acquisition strategies, tech talent that we’re bringing to the table and of course the governance to make all of that work.”

That governance is packed into the Modernizing Government IT Act, which is bundled into the National Defense Authorization Act for 2018. And since the NDAA is considered must-pass legislation, modernization advocates are making sure they're ready to move forward.

“[A]s soon as passage comes for that -- and if there’s money attached to it,” Graves said, “we are preparing accordingly, we’re working with agencies to put together to appropriate business cases.” All those efforts, she added, are “predicated on making sure that we modernize some of the applications first that have the greatest cyber vulnerabilities.”

Graves said the White House was in the final stages of producing its final IT modernization report, which outlines the broader strategy and standards that tie back to cyber intelligence on critical vulnerabilities.

She said the report was due to be publicly published later this week, and that a risk-based national cyber strategy outlined in the report drills down on the intention that “every dollar in the budget” go to identifying and fixing vulnerabilities.

“We should be addressing cyber in a risk-based manner and then tying every dollar in the budget back to buying down risk,” Graves said. “[T]hat’s just as important for the management from the TMF – the technology modernization fund -- as it is for the dollars you spend in your own budget or the dollars you spend in the working capital fund in the federal government. We want to make sure they’re all aligned to the most critical assets.”

Focusing funds on reducing risk will ultimately reap benefits that will then be reflected in Federal Information Security Management Act (FISMA) scorecards, she said.

“We’re never going to have enough money or resourcing or smart cyber talent to do everything for every system,” Graves said. “We have to understand where our cut points are and use whatever resources we have toward the greatest vulnerabilities.”

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.