While we’ve already seen Congress engage in fierce debates over fiscal year 2018 funding, it’s important to remember that there are bipartisan issues on the table. Upgrading and modernizing government IT systems is one such area that deserves continued focus.
That’s why we were pleased to see the Senate pass the 2017 National Defense Authorization Act (NDAA) with the Modernizing Government Technology (MGT) Act as an amendment from Sens. Jerry Moran (R-KS) and Tom Udall (D-NM). The MGT Act (HR 2227), introduced earlier this year by Rep. Will Hurd (R-TX), is an important step toward federal IT modernization. The bill passed the House in May with 18 co-sponsors from across the political spectrum, with Reps. Robin Kelly (D-IL), Gerry Connolly (D-VA) and Steny Hoyer (D-MD) joining Reps. Blake Farenthold (R-TX) and Darrell Issa (R-CA), among others. Now that the Senate has done its job, we urge members of the Conference Committee to agree to and pass the NDAA with the MGT Act so federal agencies have the funding they need to implement modern IT systems as quickly as possible.
We’ve all heard the shocking anecdote about the country’s nuclear arsenal that is controlled by an eight-inch floppy disk, but the issues posed by legacy technology are as broad as they are deep.
The security challenges of legacy IT are compounded by today’s complex mix of modern computing platforms and devices. An asset is no longer just a laptop or server, it is now everything from an iPhone to a fighter jet. As a result, the elastic attack surface is now comprised of modern, often short-lived assets and traditional, legacy technology. This has created a massive gap in agencies’ ability to truly understand their Cyber Exposure at any given time.
Modernization Requires Security
But modernizing IT is not enough. Agencies must also ensure that they’re implementing approaches to secure this new technology. That means live discovery of every asset across any computing environment and continuous visibility into where an asset is secure or exposed, and to what extent. Agencies need additional context to prioritize and select the appropriate remediation technique. The ability to transform raw security data into actionable information and risk metrics is also key for making strategic decisions.
Smart Public Policy
The MGT Act is essential to help agencies jumpstart the process of updating their IT systems by establishing a capital fund so agencies won’t be subject to “use it or lose it” provisions of the current federal budget requirements. The Government Accountability Office (GAO) has called out the risks and high costs of outdated federal IT systems for years, most recently estimating that of the more than $80 billion spent for IT annually, 80 percent goes toward operating and maintaining old systems that are difficult, if not impossible, to protect against today’s cyber threats.
Only with modern tools that allow agencies to manage, measure and reduce their cyber risk can they undertake a long-term plan to improve cybersecurity posture and protect against evolving cyber threats. The MGT Act not only enables that shift, but has the potential to save billions of taxpayer dollars in the process. It will also be important to prioritize the cybersecurity funding tied to this legislative initiative to ensure security is intertwined with government modernization efforts into the future. It’s smart public policy that is urgently needed to make our country and its citizens safer, stronger and more secure.