It may come as a surprise in today’s political climate, but there is one thing lawmakers, the president and industry experts agree on: Something must be done about the federal government’s legacy IT systems. Now.
In a new study by BeyondTrust, 81 percent of polled federal IT managers said aging IT infrastructures impact their cybersecurity risk. At least 42 percent of respondents experienced an information security breach in the last six months, typically costing more than $91,000.
“Our findings are consistent with what we’ve all suspected for some time now,” said Tami Gallegos, federal manager at BeyondTrust. “We’ve quantified the challenge with these IT professionals that were willing to share their views with us. Now, the question is: What is the catalyst to evoke change here?”
The answer may lie in a coordinated effort from the Trump administration and several members of Congress. The president signed an executive order Monday to establish the American Technology Council, a group of agency heads and federal executives charged with coordinating the vision, strategy and direction of IT policy across the federal government.
“The federal government must transform and modernize its information technology and how it uses and delivers digital services,” the order states. “Americans deserve better digital services from their government.”
Rep. Will Hurd, R-Texas, repeated the statement Tuesday with the re-introduction of his bill, the Modernizing Government Technology Act.
“The American people deserve better from their government,” he said. “The existing way of doing IT is unsustainable.” The bill has bipartisan, bicameral support and was unanimously passed by the House Oversight and Government Reform Committee with no amendments.
The similar language is no coincidence. White House Office of American Innovation officials Reed Cordish and Chris Liddell were both involved with the revised legislation, a first version of which passed the House last year but stalled in the Senate during the lame-duck session.
Liddell is Trump’s director of strategic initiatives and a former chief financial officer of General Motors and Microsoft; Cordish, a real estate and entertainment mogul, headed Trump’s agency “beachhead teams” during the transition, and now serves as assistant to the president for intergovernmental and technology initiatives.
Democrats, too, were involved, including Rep. Gerry Connolly, who attended WashingtonExec’s STEM Symposium in March and co-authored the Federal Information Technology Acquisition Reform Act.
The MGT Act creates a $250 million IT modernization fund for 2018 and 2019 to support agencies’ efforts “to improve, retire, or replace existing information technology systems … to enhance cybersecurity and to improve efficiency and effectiveness.”
Agencies are also empowered to reprogram existing funding to start their own IT modernization funds, which will also be supported by future discretionary spending through future appropriations acts. One of the most important things, however, is that funds can remain in the working capital funds for up to three years.
“The working capital funds established by the MGT Act will create an incentive for agencies to find savings and reinvest them internally, creating a virtuous cycle,” Connolly said. “This reform has the potential to significantly speed up the federal government’s move to 21st-century technologies.”
The question remains, however, whether it will be enough.
According to BeyondTrust’s survey, 60 percent of federal IT managers state aging IT infrastructure is a major roadblock to being compliant with federally mandated cybersecurity standards. For example, approximately 47 percent of federal agencies still use Windows XP, which Microsoft stopped supporting over three years ago.
“What our respondents have told us is that it takes longer to [modernize] than they thought it would take, and that there’s a budgetary element to this, which is not news either,” Gallegos said. “A majority of IT dollars are spent on trying to maintain the status quo.”
“The federal government spends $80 billion each year on IT systems and 80 percent of which is spent maintaining outdated, legacy systems,” Hurd said. “Our government needs to be able to introduce cutting-edge technology into their networks to improve operational efficiency and decrease operational cost. The MGT Act does just that.”
Even if the funds are sufficient, many IT managers may still be unwilling to modernize.
“Some managers—many of them—said that in some cases, these legacy systems hold truly sensitive data, and they felt in their minds that the risk to taking those systems down and losing that information was greater than the risk of trying to keep them up and going and secure,” Gallegos said. “If we’re not in the environment, we’re not looking at the value of the data they’re trying to keep on these older systems and protect.
“It’s not just a dollars and cents question,” she continued. “If it were, we would have solved the problem by now. It’s far more complex than that.”