Federal CIO: IT fund would shake up appropriations process

A proposed $3.1 billion IT modernization fund would shake up the federal IT appropriations process, U.S. CIO Tony Scott said.

The fund to replace outdated systems, which was proposed by the White House and supported by a bill introduced by House Minority Whip Steny Hoyer (D-Md.), "fundamentally changes the way appropriations are done for information systems in the federal government," Scott said April 25 at the Institute for Critical Infrastructure Technology's Critical Infrastructure Forum in Arlington, Va.

Scott described a shadowy current process for funding IT projects in which line items are folded into big, opaque appropriations bills.

"That process has kept hidden from Congress the dire circumstances of some of these systems," Scott said.

He has argued that the federal government's myriad legacy IT systems pose a security threat and that upgrading those systems can be done cost-effectively.

However, the building blocks of federal IT systems -- including computer chips, operating systems and storage -- were built decades ago without accounting for today's cyberthreats, he said. The massive hack of the Office of Personnel Management that exposed the personal information of more than 22 million Americans has been blamed in part on decades-old IT systems.

The Obama administration estimates that the $3.1 billion fund would cover at least $12 billion in projects over 10 years.

The fund would jump-start the projects most in need of funding and would not preclude other investments, Scott told reporters after his speech. The goal is to "create the right demand signal so that future administrations and future Congresses can react in whatever the appropriate way is," he added.

He also said the new fund would complement the Federal IT Acquisition Reform Act's efforts to make federal spending more accountable. 

Before FITARA, which became law in late 2014, "the game in some agencies, quite frankly, was hide as much as you can," Scott said.

Newfound visibility into IT spending will reveal "some ugly truths" about IT practices, he predicted, and he cited the 30-day cybersecurity sprint after the OPM breach as an example of how agencies' shortcomings were uncovered.