OMB floats new rules of the road for IT modernization

The Obama White House is offering new guidelines on how agencies should go about modernizing legacy IT systems.

The draft policy, released Oct. 27, comes from federal CIO Tony Scott and , Office of Management and Budget Director Shaun Donovan. It is a distillation of the modernization policy Scott and others in the administration have been pushing since the rollout of President Barack Obama's FY2017 budget, which included a $19 billion cybersecurity action plan and a $3.1 billion governmentwide revolving fund to support the estimated $12 billion in tech upgrades that agencies need over the next decade.

As the hack of the Office of Personnel Management databases showed all too clearly, the government runs many legacy systems that operate on outmoded operating systems that are hard to update and in many cases difficult or impossible to secure using two-factor authentication, encryption and other security methods.

While the Obama budget hasn't moved in the Republican-controlled Congress, a bill that authorizes governmentwide and agency-based modernization funds passed the House of Representatives in September. Sponsors of a related cloud computing adoption bill in the Senate are hoping to advance similar legislation during the lame duck session of Congress after the election.

Scott has said that the drive toward legacy IT modernization funds is already affecting federal policy, and the draft guidance from the White House is a prime example of that.

At an Oct. 13 event, Scott said, "CIOs have to create more of a demand signal for what needs to be replaced. Frankly, we haven't done a really good job at that. We haven't said, 'Here's how old it is, here's how big it is, or here's how much of it there is, or here are the risks associated with it.'"

The draft policy is all about giving CIOs a way to prioritize IT projects for access to modernization funds. The policy calls for agencies to update enterprise technology roadmaps, identify and prioritize key systems, and come up with plans to move those systems to the cloud or other secure, modern platforms.

"The Federal Government has a unique obligation to protect the information entrusted to it by the American people," Scott wrote in an Oct. 27 blog post announcing the new policy.

The draft asserts that "moving the Federal Government to modern infrastructure and cloud-based solutions is a fundamental necessity to building a digital government that is responsive to citizen needs and secure by design."

Agencies were required to submit enterprise roadmaps to OMB by the end of FY2016, in which officials were asked to identify systems that could move to the cloud or to shared services. Now agencies are being asked to offer at least three likely candidates for modernization or retirement, including one project that could be executed within a year.

OMB is looking for agencies to prioritize systems that run on out-of-support software, are linked to previous security incidents, have documented deficiencies, have problems maintaining valid data as required under federal rules, offer the prospect of functional upgrades or could lead to substantial savings.

The public has 30 days to comment on the draft.