National Cybersecurity Awareness Month is a good time to look back and to note candidly where more effort is needed to improve cyber risk management. While it is a strong champion for this cause, the U.S. federal government has itself faced significant challenges in securing information technology systems in the wake of the 2015 Office of Personnel Management breach. To date, the funding mechanisms used by the government have complicated efforts to shift resources away from maintenance of legacy systems in favor of investments in newer, more secure technologies. Now, there are new and hopeful signs that both Republicans and Democrats can work together on a plan to help modernize the federal government’s IT infrastructure.
Chairman Will Hurd (R-TX), Congressmen Steny Hoyer (D-MD) and Jerry Connolly (D-VA) successfully combined two innovative mechanisms to improve federal technology procurement into a single bill—the Modernizing Government Technology Act of 2016—that recently passed the House of Representatives. If passed by the Senate and signed by the President, the legislation would:
- Establish a centralized IT Modernization Fund based on the White House’s Cybersecurity National Action Plan. Agencies would compete for access to the funds based on demonstrated future savings and security enhancements. Upon repayment, other agencies would then be able to pursue similar opportunities.
- Enable agencies to act on their own to reprogram money designated for operation and maintenance of expensive, insecure legacy systems. This idea preserves the autonomy of the agency leadership to redirect funds towards projects that make more sense in the long-term.
Both ideas will accelerate a pivot away from outmoded legacy systems to modernized solutions, which should cut costs, improve security and boost operational efficiency. In combination, they will move the federal government beyond from the status quo where nearly 80% of IT spending is used to maintain aging, insecure, and expensive legacy federal IT systems.
The US government will benefit significantly from this new bipartisan proposal. Federal systems currently in use are increasingly at risk of cyber-attacks and theft of sensitive personal data. They can and should be replaced with technology built on cloud-based, shared service models. The modernization of IT systems across the federal government enabled by this legislation will deliver cost savings, security enhancements, and improvements in the quality of citizen services. We appreciate the leadership of Mr. Hurd, Hoyer and Connolly, and will work with them to advance these important ideas.
I invite you to also check the Security Blog regularly throughout Cyber Security Awareness Month as we cover weekly topics that will provide insights about security, safety, and privacy. You can learn more about National Cyber Security Awareness Month in the US, and European CyberSecMonth across the European Union, as well as other corresponding cybersecurity advocacy campaigns around the world. Join the National Cyber Security Month conversation on Twitter @CiscoSecurity #CyberAware