Modernizing Government Technology Act Passes House
Backers Say Legislation Would Improve Federal Cybersecurity
The House of Representatives has passed the Modernizing Government Technology Act, which supporters contend should help improve the security of the federal government's information networks.
The legislation passed May 17 on a voice vote and now goes to the Senate, where its prospects are uncertain.
Should the bill become law, major agencies would create IT capital funds in which they could recover savings from IT modernization initiatives, such as moving systems and data to the cloud, rather than returning the money to the Treasury. In theory, an agency that decreases costs by using new technologies or employing cloud services could retain the savings for up to three years if those savings go toward additional IT modernization projects.
Baked-in Security
Supporters of modernizing IT point out that many newer systems are created with security baked in; they're also easier to patch with security updates than most legacy systems. "It will keep our digital infrastructure safe from cyberattacks while saving billions of dollars," bill sponsor Rep. Will Hurd, R-Texas, said on the House floor.
The Trump administration is a big supporter of IT modernization. The cybersecurity executive order signed by President Donald Trump earlier this month includes a provision that calls for the government to replace legacy systems (see Trump Finally Signs Cybersecurity Executive Order). To oversee IT modernization, the administration has established the American Technology Council, a multiagency organization that the president technically chairs but that is being overseen by his son-in-law and senior adviser Jared Kushner.
Modernizing federal IT has bipartisan support. The Obama administration promoted the idea of modernizing federal government IT in an April 2016 initiative (see White House Proposes $3 Billion Fund to Modernize Federal IT). "Many federal systems are exceedingly difficult to defend, due to their age, and the only way to remedy that situation is to change the IT," says Michael Daniel, former Obama White House cybersecurity coordinator and president of the Cyber Threat Alliance, a not-for-profit, industry-sponsored information sharing and analysis organization.
Misguided Notion?
But skeptics of IT modernization question whether it will actually improve security. Former CIA CISO Robert Bigman, an IT security consultant, characterizes modernizing IT to provide stronger security as a "misguided notion. ... This is not an evidence-based observation and is largely pushed by IT vendors/contractors. The notion that the same people who could not secure older and simpler technology can now better secure modern and more complicated IT is ludicrous."
Internet Security Alliance President Larry Clinton suggests modernizing technology, on its own, won't bolster security. "The government already has purchased advanced technology but doesn't have the personnel to properly use it and thus these investments are largely wasted," he says. "We need to modernize our IT systems, which includes upgrading the personnel as well as the technology."
Slow Start in Senate
Legislation similar to the House IT modernization bill was introduced in the Senate on April 28 and assigned to the Homeland Security and Governmental Affairs Committee. The measure has yet to be scheduled for a hearing or vote. The Senate generally lags behind the House in tackling cybersecurity legislation.
Still, a number of senators have lined up to support the measure. Sen. Tom Udall, D-N.M., cites the global WannaCry ransomware attack - which has exploited older versions of Microsoft operating systems - as a reminder that antiquated systems need to be replaced to enhance cybersecurity. "The federal government continues to rely on grossly outdated IT systems that make us vulnerable to such damaging cyberattacks," Udall says. "Maintaining old IT systems is a security risk and costs taxpayers billions of dollars each year."