Cybersecurity

Graves: When MGT passes, modernization plans are ready

Margie Graves

Modernization is more than just a buzzword. According to acting federal CIO Margie Graves, it’s a crucial strategy that will help protect critical infrastructure.

“We are closer than we’ve ever been before, I think, to putting all of the pieces and parts of effective IT modernization in place," Graves said at the Oct. 18 CyberTalks conference in Washington, D.C. "That includes funding strategies, acquisition strategies, tech talent that we’re bringing to the table and of course the governance to make all of that work.”

That governance is packed into the Modernizing Government IT Act, which is bundled into the National Defense Authorization Act for 2018. And since the NDAA is considered must-pass legislation, modernization advocates are making sure they're ready to move forward.

“[A]s soon as passage comes for that -- and if there’s money attached to it,” Graves said, “we are preparing accordingly, we’re working with agencies to put together to appropriate business cases.” All those efforts, she added, are “predicated on making sure that we modernize some of the applications first that have the greatest cyber vulnerabilities.”

Graves said the White House was in the final stages of producing its final IT modernization report, which outlines the broader strategy and standards that tie back to cyber intelligence on critical vulnerabilities.

She said the report was due to be publicly published later this week, and that a risk-based national cyber strategy outlined in the report drills down on the intention that “every dollar in the budget” go to identifying and fixing vulnerabilities.

“We should be addressing cyber in a risk-based manner and then tying every dollar in the budget back to buying down risk,” Graves said. “[T]hat’s just as important for the management from the TMF – the technology modernization fund -- as it is for the dollars you spend in your own budget or the dollars you spend in the working capital fund in the federal government. We want to make sure they’re all aligned to the most critical assets.”

Focusing funds on reducing risk will ultimately reap benefits that will then be reflected in Federal Information Security Management Act (FISMA) scorecards, she said.

“We’re never going to have enough money or resourcing or smart cyber talent to do everything for every system,” Graves said. “We have to understand where our cut points are and use whatever resources we have toward the greatest vulnerabilities.”

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Nominate Today!

Nominations for the 2018 Federal 100 Awards are now being accepted, and are due by Dec. 23. 

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group