Hurd sees promise in revolving IT fund but wants agencies to carry the ball

The chairman of the House Information Technology Subcommittee welcomed the president's cybersecurity budget and modernization efforts but said it is up to agencies to capitalize on them.

Rep. Will Hurd (R-Texas) said he supports the administration's $19 billion investment in cybersecurity, but "the devil is always going to be in the details."

"The agencies need to incorporate modernization in their individual budgets," Hurd told reporters after a panel discussion on cybersecurity hosted by public relations firm Levick. "This is not going to be something they only have to deal with right now. This is going to be constantly an issue, and they need to make sure they are prepared to do that."

He said the money for IT needs to be used effectively and added, "I'm looking forward to working with this issue legislatively."

In addition to more than $19 billion in cybersecurity investments, the Obama administration's proposed fiscal 2017 budget includes $3.1 billion to launch a revolving fund to facilitate the replacement of legacy IT systems.

"A working capital fund focusing on IT modernization could be an important tool in making federal agencies more efficient and ultimately more secure, but in order to ensure robust system hygiene, CIOs and agency heads need to be planning for continuous modernization within their existing budget process," Hurd said via email.

Fund or no fund, he added, CIOs need to take advantage of new authorities under the Federal IT Acquisition Reform Act to get their agencies in order.

"The key point to FITARA is empowering CIOs to have the authorities to do what they need to do on their networks," he said. "Ultimately, how do we empower CIOs and agency heads to take control in protecting their own networks? And it's Congress' job to provide oversight and accountability."

U.S. CIO Tony Scott said the $3.1 billion IT Modernization Fund would support projects at agencies that have the biggest IT issues.

"We have a broad surface area of old, outdated technology that's hard to secure [and] expensive to operate," Scott said in a conference call with reporters. "And on top of all that, the skill sets needed to maintain those systems are disappearing rather rapidly."

White House officials are hopeful that Congress will support the IT and cybersecurity aspects of the administration's request for $1.2 trillion in discretionary spending. Obama's top cybersecurity adviser, Michael Daniel, was upbeat about the chances of ushering the ambitious package of cybersecurity policies through Congress. At a New America event on Feb. 11, Daniel said cybersecurity is a bipartisan issue and predicted that there will be "very broad [congressional] support for the goals that we're trying to achieve."

The cyber battlefield

The budget request allocates $7 billion of the $19 billion in cybersecurity spending to the Defense Department. That money would help DOD invest in offensive cyber tools and build the workforce needed to defend its networks.

Hurd, a former CIA officer who has private-sector cybersecurity experience, was critical of the administration's ability to respond to acts of cyberwar.

"If North Korea launched a missile into San Francisco today, we all know how the United States government will respond," Hurd said, but he wondered what action the government would take in the digital world.

He admitted it can be difficult to hold a foreign country liable for a cyberattack on U.S. networks, "but we can say, 'If these kinds of activities happen on our networks, here is going to be our countermeasure.'"

"What are our red lines? What is a digital act of war, and what should our response be? Not too many people are talking about it," Hurd said.

Sean Lyngaas contributed reporting to this article.