On 14 July 2021, Access Partnership and BSA | The Software Alliance co-hosted an hour-long discussion on the Biden Administration and Congress’s efforts to foot stomp the COVID-19 recovery and implement improved cybersecurity protocols across the interagency. The discussion centered on what is next for federal IT modernization and featured key players across Capitol Hill, the executive interagency, and the federal software industry.
Dovetailing with growing concerns about supply chain security amid COVID-19, recent high-profile cybersecurity incidents have reinforced doubts about the ability of legacy federal IT systems to maintain the efficient delivery of critical public services.
In response, the new Administration has signaled staunch support for federal IT modernization. In March, Congress approved USD 1 billion for the interagency Technology Modernization Fund (TMF). First authorized in 2017, the fund supports agency efforts to streamline public service delivery, secure sensitive systems and data, and invest taxpayer dollars more effectively.
The Administration’s recent cybersecurity executive order also directed all agencies to plan for accelerating the shift to secure cloud services. Among the order’s first stipulated actions, agency heads had until earlier this month to submit updated plans for cloud adoption and moving to a zero-trust security model. Currently the Office of Management and Budget and Department of Homeland Security are also developing a new federal cloud-security strategy and guidance.
While the Administration and federal agencies wrestle with the increasingly prohibitive costs of maintaining legacy IT, Congress is debating a forthcoming infrastructure package.
Access Partnership’s Dileep Srihari set the stage with a brief ‘fireside’ chat with Allison Tinsey, Counsel to Senator Maggie Hassan, Chair of the Emerging Threats and Spending Oversight Subcommittee on the Senate Homeland Security and Governmental Affairs Committee (HSGAC). The two discussed Senator Hassan’s subcommittee priorities for the 117th Congress, conversations her subcommittee has had with interagency and business stakeholders focused on federal IT modernization, and takeaways from an April subcommittee hearing on potential IT policy reforms which featured testimony from three former agency chief information officers, or CIOs.
Following the chat, Victoria Espinel, President and CEO of BSA | The Software Alliance, led a panel discussion with André Mendes, CIO at the Department of Commerce since August 2019, Stephanie Kostro, Executive Vice President for Policy at the Professional Services Council, and Wayne Bobby, Vice President of U.S. Federal Government at Workday. The discussion ranged from best practices for bureaucratic transformation, to potential solutions for effective IT administration in post-COVID society, to the merits of tailored security standards for different agency core missions.
The Post-COVID IT Transformation
As the federal government thinks through its post-COVID reentry and post-reentry plans, the challenge that should be top of mind for agencies that have been more flexible than anticipated during the pandemic is finding ways to preserve the lessons learned from their recent experience weathering disruption. Policies that foster improved data sharing and talent pooling across bureaus and agencies will be needed long after the pandemic subsides. Widespread cloud adoption will help pave the way. But policies for technology adoption that support and cater to the extended federal workforce, particularly as that workforce eventually grows younger, are also vital. For example, a permanent standby extension to the CARES Act’s Section 3610 Federal Contractor Authority, which expires in September, would provide an important safety net for small and medium-sized contractors that were distressed by the pandemic and remain vulnerable to unpredictable future disruptions.
HSGAC Legislative Priorities
Chairwoman Hassan’s subcommittee agenda on cybersecurity and federal IT modernization is informed by the senator’s personal priorities to address fiscal irresponsibility and the abuse of taxpayer dollars. To this extent, the subcommittee’s focus on ameliorating constituent concerns regarding federal overspending will dovetail well with broader public-private efforts to reduce costs and redundancies through federal cloud adoption and shared services. Certification initiatives, such as the Cybersecurity Maturity Model Certification (CMMC) program currently under review by the Department of Defense, will serve as an important facilitator for this new direction.
What Reforms are Next on the Docket?
Bolstering CIO authorities to identify and eliminate legacy IT systems that no longer serve an agency’s core mission will be a crucial benchmark for success going forward. Technical fixes that more easily grant access to working capital funds for multiyear projects would give agencies greater budgetary room to enact ambitious plans, while also providing assurance to private sector allies in these initiatives. Finally, a next step will be for Congress to enact new mandates for standardized IT modernization plans that call on agencies to address their specific legacy IT issues.
Conclusion: Private Sector to the Fore
Beyond accelerating federal cloud adoption, a key takeaway was the need for a fundamental shift in thinking regarding who is responsible for federal back-office functions. Information classification and other security requirements are often unique to agencies, but there are also commonalities across the departments. Standards that can consolidate agency processes would provide a degree of positive reciprocity, enabling agencies to work more in lockstep with one another to achieve both core and inter-departmental missions. Shifting to a paradigm where the onus is largely on commercial software vendors to keep common back-office functions alive, secure, and up-to-date would further relieve the burden on agencies to meet their core missions while also managing their backend systems.